Kido International (Kido nursery chain)

The nursery chain Kido International suffered a ransomware attack by the hacker group Radiant, which stole and leaked personal data of over 8,000 children and employees. The compromised children’s data includes names, addresses, medical records, incident reports, and medication details, while the exposed employee data covers full names, National Insurance numbers, DOBs, home addresses, employment dates, and email addresses. The attackers demanded 1.5% of the company’s annual revenue as ransom, threatening to release more data including profiles of 30 additional children and 100 employees if unpaid. The Metropolitan Police and ICO are investigating, but the hackers have already published some data on the dark web. Experts warn that paying the ransom would not guarantee data suppression, as stolen information is often sold to other criminals for fraud or scams. The attack has severely compromised sensitive personal and health-related data of minors and staff, posing long-term risks of identity theft, fraud, and reputational damage to the company.

Source: https://news.sky.com/story/hackers-behind-nursery-cyber-attack-tell-sky-news-they-are-releasing-more-data-on-dozens-of-children-13438696

TPRM report: https://www.rankiteo.com/company/kidoed

"id": "kid1941219100525",
"linkid": "kidoed",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '8,000+ children and 100+ '
                                              'employees',
                        'industry': 'childcare/education',
                        'location': 'London, UK',
                        'name': 'Kido International (Kido Nursery Chain)',
                        'type': 'private company'}],
 'customer_advisories': 'Emails sent to affected families with reassurance',
 'data_breach': {'data_exfiltration': 'yes (posted on dark web)',
                 'file_types_exposed': ['images',
                                        'text records (medical, incident '
                                        'reports)',
                                        'databases (employee/PII)'],
                 'number_of_records_exposed': '8,000+ (children) + 100+ '
                                              '(employees)',
                 'personally_identifiable_information': 'yes (names, '
                                                        'addresses, DOBs, '
                                                        'national insurance '
                                                        'numbers, etc.)',
                 'sensitivity_of_data': "high (includes children's medical "
                                        'records and PII)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'protected health information '
                                              '(PHI)',
                                              'employment records']},
 'date_publicly_disclosed': '2023-09-25',
 'description': "Hackers claiming to be part of the group 'Radiant' stole "
                'personal data, including pictures, names, addresses, medical '
                'records, and incident reports of over 8,000 children '
                'attending Kido nursery chain in London. The group also stole '
                'personal details of employees, including national insurance '
                'numbers, DOBs, and employment records. They demanded a ransom '
                "of ~1.5% of Kido's yearly revenue and threatened to release "
                'more data if unpaid. The Metropolitan Police and ICO are '
                'investigating, while Kido has notified affected families and '
                'authorities.',
 'impact': {'brand_reputation_impact': 'high (sensitive data of children '
                                       'exposed)',
            'data_compromised': ["children's pictures",
                                 'names',
                                 'addresses',
                                 'medical records',
                                 'incident reports',
                                 'allocation of drugs/medicine',
                                 "employees' full names",
                                 'national insurance numbers',
                                 'dates of birth',
                                 'full addresses',
                                 'employment start dates',
                                 'email addresses'],
            'identity_theft_risk': 'high (PII of children and employees '
                                   'exposed)',
            'legal_liabilities': 'potential (ICO investigation ongoing)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'yes (partial data already '
                                                    'released)',
                           'high_value_targets': "children's sensitive data "
                                                 '(for extortion leverage)'},
 'investigation_status': 'ongoing (early stages, no arrests)',
 'motivation': 'financial (ransom demand)',
 'ransomware': {'data_exfiltration': 'yes',
                'ransom_demanded': "1.5% of Kido's yearly revenue (exact "
                                   'amount undisclosed)',
                'ransom_paid': 'no'},
 'recommendations': ['Do not pay ransom (per Ciaran Martin, former NCSC chief)',
                     'Prepare for long-term data exposure risks (fraud, scams)',
                     'Enhance cybersecurity for childcare sector (high-value '
                     'target for extortion)'],
 'references': [{'date_accessed': '2023-09-25',
                 'source': 'Sky News',
                 'url': 'https://news.sky.com/story/children-s-pictures-stolen-in-nursery-cyber-attack-13000000'},
                {'date_accessed': '2023-09-25',
                 'source': 'Metropolitan Police Statement'},
                {'date_accessed': '2023-09-25',
                 'source': "Information Commissioner's Office (ICO)"}],
 'regulatory_compliance': {'regulations_violated': ['UK GDPR',
                                                    'Data Protection Act 2018 '
                                                    '(potential)'],
                           'regulatory_notifications': 'yes (reported to ICO)'},
 'response': {'communication_strategy': 'emails to affected families, public '
                                        'statements',
              'incident_response_plan_activated': 'yes (external specialists '
                                                  'engaged)',
              'law_enforcement_notified': 'yes (Metropolitan Police, ICO)',
              'third_party_assistance': 'yes (cybersecurity specialists)'},
 'stakeholder_advisories': 'ICO assessment in progress',
 'threat_actor': 'Radiant (hacking group)',
 'title': 'Cyber Attack on Kido Nursery Chain with Data Theft of Over 8,000 '
          'Children',
 'type': ['data breach', 'ransomware attack']}