A London-based nursery school chain, Kido International, has been targeted by hackers who are threatening to release sensitive information onto the dark web unless a ransom is paid. British authorities confirmed the incident on Friday.
Kido International, which operates nurseries across London, the United States, and India, has formally reported the breach. Britain’s data protection agency, the Information Commissioners Office (ICO), stated, “the safety and privacy of children remains paramount, and we will work with our partners to understand the full impact of this incident and support those affected.”
Reports indicate that a hacking group, identifying themselves as “Radiant,” has already published profiles of ten children on the dark web. These profiles reportedly include names, photographs, and other identifying details. The group has explicitly threatened to release additional child profiles and information pertaining to Kido International employees if their ransom demands are not met.
London’s Metropolitan Police are actively investigating the incident. A statement from the force confirmed, “Enquiries are ongoing and remain in the early stages within the Met’s cybercrime unit. No arrests have been made.”
While the full extent of the breach is still under investigation, cybersecurity expert Graeme Stewart of Check Point Software described the Kido International hacking as “the most outrageous, in terms of the morals” he had ever encountered. He noted, “In sheer numbers terms, it’s not that big of an attack. The difference is that it involves children. This is a new low. I’ve never seen anything like that.”
Mr. Stewart indicated that the hacker group appears to have acquired data on approximately 8,000 individuals linked to the nursery schools. This reportedly includes sensitive information about parents, children, and employees, alongside educational and medical records, and even photographs of the children. “It’s a disgrace,” he added.
Ransom demands for withholding sensitive online information have become a pervasive global threat. Cybercriminals frequently target hospitals, government entities, and private businesses, threatening to release private data or freeze networks until payments are made. For instance, London recently saw two hospital chains severely disrupted by hackers who attacked Synnovis, a private firm specializing in blood test analysis.
The unauthorized release of information concerning young children is particularly distressing for parents. One father, whose child attends a Kido nursery, expressed profound alarm after being notified of the data breach. “The revelation the children’s details could have been put on the dark web, that’s very concerning and alarming for me,” he told a prominent radio station.