Kido nursery hackers threaten to release more details – along with the personal data of 100 employees
The attack is the first to be claimed by the new threat group 'Radiant'
Hackers have published the profiles of children attending the Kido chain of nurseries and are threatening to release more.
A group called Radiant hacked the company's systems and posted the profiles of ten children online on Thursday and another ten on Friday, saying it would release 30 more, along with the personal data of 100 employees.
The data released includes the children's names, dates of birth, birthplaces, and the personal details of parents, grandparents, and guardians, including addresses and phone numbers.
30% off Keeper Security's Business Starter and Business plans
Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?
"It's an unfortunate fact that the reason for the public outcry over compromised child data is the very reason it was targeted in the first place: it's considered very sensitive. Because of this, a common assumption is that the data is heavily protected, but that's often not the case," commented Tim Erridge, vice-president of Europe, the Middle East, and Africa at Unit 42 at Palo Alto Networks.
"Sadly, this attack potentially marks a turning point whereby we can no longer assume that children are off limits to attackers ethically. Something that typically would have been true in the past, with many assuming that children's data isn't of value to hackers."
The attack appears to have been carried out through the breach of billing, staffing, and reporting software supplied by software firm Famly.
"This malicious attack represents a truly barbaric new low, with bad actors trying to expose our youngest children's data to make a quick buck," chief executive Anders Laustsen told the BBC.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
"We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly's security or infrastructure in any way and no other customers have been affected."
The Radiant group
The Radiant group appears to be brand new; the Kido compromise is the only one on its site. According to Palo Alto Networks, there's no information about the group beyond what it has supplied itself. The group doesn't as yet appear to be affiliated with any nation-state actors or other established cybercrime syndicates.
Palo Alto researchers said the incident appears to be a ransomware attack combined with data exfiltration, a tactic commonly known as double extortion. The hackers have even reportedly contacted the parents of some affected children directly to extort them.
"Most places of education use apps for parent convenience but the implementation of these platforms is often not done with security being an inherent consideration, let alone mandatory," said Erridge.
"The education sector is lean, so usually schools and nurseries are themselves responsible for setting up, running, and maintaining apps, but it's rare that they possess the cybersecurity know-how to do so securely. Alternatively, they may rely upon third-party services to help run their IT infrastructure and assume that security is included as part of the deal when it simply is not."
He advised schools and nurseries that use such apps to immediately review the security controls currently in use and rotate passwords, particularly across key operational and administrative accounts, and also to adopt multi-factor authentication where available.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
With jobs on the line, CEOs now demand cyber attack recovery in hours, not days or weeksNews Recovery takes most organizations weeks or months, CEOs think it should be far quicker
-
Legacy kit behind vast majority of cyber attacks on utilitiesNews With equipment and software poorly suited to withstand modern cyber threats, organizations need to do more to identify unmanaged or vulnerable systems
-
Hostile states behind three-quarters of UK critical infrastructure attacksNews NCSC CEO warns that with the rise of AI, the danger is only set to get worse
-
Security professionals want leaders who have already led their organization through a major cyber incident – regardless of how things turned outNews Research from ISC2 reveals what makes for a good security leader
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
UK wants an AI-powered anti-hacking systemNews GCHQ is building a national cyber defence capability powered by AI – though it may take five years
-
GitHub internal repositories exfiltrated via malicious VS Code extensionNews The breach has been claimed by the TeamPCP hacking group, which said it is offering the data for sale
