Kido nursery hackers threaten to release more details – along with the personal data of 100 employees

The attack is the first to be claimed by the new threat group 'Radiant'


Hackers have published the profiles of children attending the Kido chain of nurseries and are threatening to release more.

A group called Radiant hacked the company's systems and posted the profiles of ten children online on Thursday and another ten on Friday, saying it would release 30 more, along with the personal data of 100 employees.

The data released includes the children's names, dates of birth, birthplaces, and the personal details of parents, grandparents, and guardians, including addresses and phone numbers.


"It's an unfortunate fact that the reason for the public outcry over compromised child data is the very reason it was targeted in the first place: it's considered very sensitive. Because of this, a common assumption is that the data is heavily protected, but that's often not the case," commented Tim Erridge, vice-president of Europe, the Middle East, and Africa at Unit 42 at Palo Alto Networks.

"Sadly, this attack potentially marks a turning point whereby we can no longer assume that children are off limits to attackers ethically. Something that typically would have been true in the past, with many assuming that children's data isn't of value to hackers."

The attack appears to have been carried out through the breach of billing, staffing, and reporting software supplied by software firm Famly.

"This malicious attack represents a truly barbaric new low, with bad actors trying to expose our youngest children's data to make a quick buck," chief executive Anders Laustsen told the BBC.

"We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly's security or infrastructure in any way and no other customers have been affected."

The Radiant group

The Radiant group appears to be brand new; the Kido compromise is the only one on its site. According to Palo Alto Networks, there's no information about the group beyond what it has supplied itself. The group doesn't as yet appear to be affiliated with any nation-state actors or other established cybercrime syndicates.

Palo Alto researchers said the incident appears to be a ransomware attack combined with data exfiltration, a tactic commonly known as double extortion. The hackers have even reportedly contacted the parents of some affected children directly to extort them.

"Most places of education use apps for parent convenience but the implementation of these platforms is often not done with security being an inherent consideration, let alone mandatory," said Erridge.

"The education sector is lean, so usually schools and nurseries are themselves responsible for setting up, running, and maintaining apps, but it's rare that they possess the cybersecurity know-how to do so securely. Alternatively, they may rely upon third-party services to help run their IT infrastructure and assume that security is included as part of the deal when it simply is not."

He advised schools and nurseries that use such apps to immediately review the security controls currently in use and rotate passwords, particularly across key operational and administrative accounts, and also to adopt multi-factor authentication where available.


Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.