Hackers steal personal data of 8,000 children from Kido nursery chain

A cyberattack on the Kido nursery chain, which operates 18 sites across London and others in the US, India and China, has reportedly led to the theft of the names, pictures, and addresses of about 8,000 children. The group responsible, which goes by the name of Radiant, has demanded a ransom from the company.

The hackers claim to possess information on the children's parents and carers, as well as safeguarding notes, and have used phone calls as part of their extortion tactics. Kido has not yet publicly confirmed the hackers' claims. The Metropolitan Police confirmed they are investigating a ransomware attack on the London-based organisation, while the Information Commissioner's Office confirmed that the nursery company had reported an incident.

In a statement responding to the news, Jonathon Ellison, NCSC Director for National Resilience, said:

"The reports of highly sensitive data being stolen in a cyber incident impacting nurseries are deeply distressing.

"Cyber criminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act." 

In an update. BBC News reports that the hacking group has stated that they will publish more information online unless their ransom demands are paid. Having posted profiles of 10 children online on Thursday, the group has now shared a "Data Leakage Roadmap" saying "the next steps for us will be to release 30 more 'profiles' of each child and 100 employees' private data". 

Training Announcement: Freevacy offers a range of independent data protection qualifications from IAPP and BCS. Our certified courses are available at foundation and practitioner levels and cover multiple legal jurisdictions, data protection operations management, and the implementation of complex privacy solutions in technical environments. Find out more.