Teens arrested over nursery chain Kido hack
The ransom attack caused widespread shock when the hackers published children's personal data
The UK's Metropolitan Police have arrested two teenagers for the recent data breach of the Kido chain of children's nurseries.
The two men, both aged 17, were arrested yesterday in Bishop's Stortford, Hertfordshire, as part of a raid on a number of properties. They were taken into custody, where they are being questioned on suspicion of computer misuse and blackmail.
"Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible," said Will Lyne, the Met's head of economic and cybercrime.
"These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice."
The attack on the Kido pre-school chain saw the theft of data on around 8,000 children. It appeared to have been carried out through the breach of Kido's billing, staffing, and reporting software system, supplied by Famly.
It was widely condemned when the previously unknown hackers, who called themselves Radiant, published the profiles of 10 children and threatened to publish more if their ransom demands weren't met.
The data included the children's names, dates of birth, and birthplaces, along with the personal details of parents, grandparents, and guardians, including their addresses and phone numbers.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
The hackers were even reported to have contacted the parents of some affected children directly to extort them.
However, the attackers later removed all the stolen data and pictures from their darknet site and said they'd deleted all the data they'd stolen.
"We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families," said Lyne.
"We want to reassure the community and anyone affected that this matter continues to be taken extremely seriously."
At the time, Palo Alto researchers noted that Radiant appeared to be a brand new group, and unaffiliated with any nation-state actors or other established cybercrime syndicates.
Targeting small children and publishing such a broad range of personal data was also something of a first. And when asked by BBC News whether they felt bad about extorting a nursery using the children's data, the criminals said they 'weren't asking for an enormous amount' and that they 'deserve some compensation for our pentest'.
While this was the first attack of its kind, Palo Alto Networks warns that there may be more, with many educational establishments using similar billing, staffing, and reporting software without understanding the security implications.
Palo Alto advises schools and nurseries that use such platforms to immediately review the security controls they currently have in use. They should rotate passwords, particularly across key operational and administrative accounts, and adopt multi-factor authentication where available.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
With jobs on the line, CEOs now demand cyber attack recovery in hours, not days or weeksNews Recovery takes most organizations weeks or months, CEOs think it should be far quicker
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
UK wants an AI-powered anti-hacking systemNews GCHQ is building a national cyber defence capability powered by AI – though it may take five years
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
