Skip to main content

The group, calling themselves Radiant, claim to hold the pictures, names and addresses of thousands of children, which they stole from the UK-based Kido Nursery chain. They are demanding a ransom, and have already published the pictures and personal information of 20 children. 

For those working in the field of cyber security, this incident is particularly concerning. Amongst cyber security professionals there has been an understanding that, even for cyber criminals, certain targets remain out of bounds. In 2023, the LockBit ransomware gang apologised to a Canadian children’s hospital, claiming that the ‘partner’ who attacked the hospital had violated the gang’s rules and had been blocked; LockBit even offered to decrypt the data and systems that had been affected by the attack. 

“They are kids – their personal details shouldn’t be worth anything.” 

A Kido parent speaking to the BBC 

Radiant appears to have no such qualms. The sample of the data posted by the ransomware gang contains the names, genders and dates of birth of the children – as well as their pictures – and the full extent of the breach is not yet clear. Nurseries are likely to hold information related to medical conditions, parental contact details, the developmental progress of children and other sensitive data. The potential for harm is extensive.

Why is this happening?

The simple answer is money. Ransomware gangs look to exploit organisations in ways that are unique to the individual businesses. The slow drip of information into the public realm is a standard way of doing this. Gangs look to understand the sensitive data held by an organisation and to systematically apply pressure, challenging leaders and threatening victims, until they extort the desired ransom. 

“We do it for the money, not for anything other than money.” 

The hackers speaking to the BBC

What could happen next?

Pressure is likely to increase on the nursery. Kido has not spoken to the press and does not appear to be complying with the criminals’ demands; the nursery is working with the authorities and the Metropolitan Police, who advise companies never to pay ransoms. As the hackers become frustrated, more points of information may be released. According to news reports, several parents have already been contacted directly by the criminals, asking them to put pressure on Kido to pay the ransom. 

It is possible that the full scale and impact of the incident is not yet understood; only time and the efforts of incident response and forensics teams will shed light on this. Unfortunately, there is unlikely to be a wholly ‘good’ outcome for Kido, whose focus now will be on mitigating the personal, financial and technical impact of the attack. 

What can we learn from this? 

The attack on a nursery chain in the UK is a sinister shift in the attitudes of ransomware gangs and a sign that no organisation is out of bounds: not even the most vulnerable in our society are beyond targeting. Clearly, the adoption of new technology and the pace of digitisation throughout society continue to create new opportunities for attackers. Sadly, no organisation – no matter how benevolent its activities – is beyond the pale. 

The lessons for all companies digitising sensitive data are clear: think about data security from the outset, be prepared to compromise convenience in favour of protection, and, sadly, plan for the worst. The Kido Nursery attack and the pressure from press, parents and the criminal gang, show that operational resilience and a clear, practised incident response plan are essential.

Cyber Risk

Cyber Risk

We understand that protecting your business from evolving cyber threats is crucial for your success. Whether you need expert advice, a tailored cyber security solution, or immediate support, we’re here to help.

Contact us

Contact our experts

Roland Thomas

Roland Thomas

Associate Director

Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk