Kido International

Kido International, a preschool and daycare organization operating in the UK, US, and India, fell victim to a targeted ransomware attack in September 2023. The Radiant Group, a newly emerged cybercriminal syndicate, breached the company’s systems and exfiltrated sensitive data, including profiles of at least 10 children comprising photos, full names, home addresses, and parental contact details (including workplaces). The attackers publicly leaked this data on their dark web site as part of an aggressive extortion campaign, threatening to expose more information unless a ransom was paid. While the gang later removed the leaked data under apparent pressure from other criminal actors, some parents reported receiving threatening calls, exacerbating distress. The incident triggered a police investigation, leading to the arrest of two 17-year-old suspects in Hertfordshire on charges of computer misuse and blackmail. The attack not only compromised highly personal and sensitive child and family data but also inflicted reputational harm and psychological trauma on affected families, with potential long-term trust erosion in the institution.

Source: https://www.theregister.com/2025/10/07/2_teens_arrested_in_london/

TPRM report: https://www.rankiteo.com/company/kidoed

"id": "kid1602016100825",
"linkid": "kidoed",
"type": "Ransomware",
"date": "9/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'at least 10 children and their '
                                              'families (data leaked)',
                        'industry': 'education/childcare',
                        'location': ['UK', 'US', 'India'],
                        'name': 'Kido International',
                        'type': 'preschool and daycare organization'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['images (photos)',
                                        'text (names, addresses, contact '
                                        'details)'],
                 'number_of_records_exposed': 'at least 10 (children and '
                                              'parents)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': "high (children's sensitive personal "
                                        'data)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'photos',
                                              'home addresses',
                                              "parents' contact details",
                                              'employment information']},
 'date_detected': '2023-09-25',
 'date_publicly_disclosed': '2023-09-26',
 'description': "London's Metropolitan Police arrested two 17-year-old "
                'teenagers on suspicion of computer misuse and blackmail '
                'following a ransomware attack on Kido International, a '
                'preschool and daycare organization operating in the UK, US, '
                'and India. The Radiant Group, a new ransomware gang, claimed '
                'responsibility and published profiles of 10 '
                'children including photos, names, home addresses, and '
                "parents' contact details on their dark web site to extort a "
                'ransom. The data was later deleted under pressure from other '
                'criminals, but some parents reported receiving threatening '
                'calls.',
 'impact': {'brand_reputation_impact': "high (due to exposure of children's "
                                       'sensitive data and publicized '
                                       'extortion)',
            'customer_complaints': ['threatening calls to parents'],
            'data_compromised': ["children's profiles (photos, names, home "
                                 'addresses)',
                                 "parents' contact details",
                                 'places of work'],
            'identity_theft_risk': "high (children and parents' PII exposed)"},
 'initial_access_broker': {'high_value_targets': ["children's data",
                                                  "parents' personal "
                                                  'information']},
 'investigation_status': 'ongoing (arrests made, but work continues)',
 'motivation': ['financial gain', 'extortion'],
 'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
 'references': [{'source': 'The Register'},
                {'source': 'Metropolitan Police Statement'}],
 'regulatory_compliance': {'legal_actions': ['arrests of two suspects '
                                             '(17-year-olds) for computer '
                                             'misuse and blackmail'],
                           'regulatory_notifications': ["reported to UK's "
                                                        'Action Fraud']},
 'response': {'communication_strategy': ['public statement by Metropolitan '
                                         'Police reassuring affected families',
                                         'ongoing investigation'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True},
 'stakeholder_advisories': ['Metropolitan Police reassurance to parents and '
                            'community'],
 'threat_actor': 'Radiant Group',
 'title': 'Ransomware Attack on Kido International Preschool Chain',
 'type': ['ransomware', 'data breach', 'extortion', 'blackmail']}