Teens arrested over nursery chain Kido hack

The UK's Metropolitan Police have arrested two teenagers for the recent data breach of the Kido chain of children's nurseries.

The two men, both aged 17, were arrested yesterday in Bishop's Stortford, Hertfordshire, as part of a raid on a number of properties. They were taken into custody, where they are being questioned on suspicion of computer misuse and blackmail.

"Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible," said Will Lyne, the Met's head of economic and cybercrime.

"These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice."

The attack on the Kido pre-school chain saw the theft of data on around 8,000 children. It appeared to have been carried out through the breach of Kido's billing, staffing, and reporting software system, supplied by Famly.

It was widely condemned when the previously unknown hackers, who called themselves Radiant, published the profiles of 10 children and threatened to publish more if their ransom demands weren't met.

The data included the children's names, dates of birth, and birthplaces, along with the personal details of parents, grandparents, and guardians, including their addresses and phone numbers.

The hackers were even reported to have contacted the parents of some affected children directly to extort them.

However, the attackers later removed all the stolen data and pictures from their darknet site and said they'd deleted all the data they'd stolen.

"We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families," said Lyne.

"We want to reassure the community and anyone affected that this matter continues to be taken extremely seriously."

At the time, Palo Alto researchers noted that Radiant appeared to be a brand new group, and unaffiliated with any nation-state actors or other established cybercrime syndicates.

Targeting small children and publishing such a broad range of personal data was also something of a first. And when asked by BBC News whether they felt bad about extorting a nursery using the children's data, the criminals said they 'weren't asking for an enormous amount' and that they 'deserve some compensation for our pentest'.

While this was the first attack of its kind, Palo Alto Networks warns that there may be more, with many educational establishments using similar billing, staffing, and reporting software without understanding the security implications.

Palo Alto advises schools and nurseries that use such platforms to immediately review the security controls they currently have in use. They should rotate passwords, particularly across key operational and administrative accounts, and adopt multi-factor authentication where available.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.