The UK-based nursery chain Kido suffered a severe data breach executed by the hacker group Radiant, which stole sensitive personal data of over 8,000 children and their families, including names, birth dates, addresses, phone numbers, accident reports, safeguarding records, and billing information. The attackers leaked 10 children’s full profiles on the dark web and threatened to release dozens more child profiles and 100 employee records unless a ransom was paid. The breach originated from two third-party systems, though one vendor, Famly, denied any compromise in its infrastructure. Radiant warned Kido of staged data leaks to 'ruin their entire company' if demands were unmet. Parents reported receiving direct extortion calls, escalating fears. The incident involved highly sensitive child data, making it one of the most morally contentious cyberattacks targeting educational institutions. Authorities, including the ICO, Ofsted, and Metropolitan Police, are investigating, while Kido collaborates with forensic experts to mitigate the fallout.
Source: https://techhq.com/news/hackers-threaten-to-leak-more-nursery-data-after-breach/
TPRM report: https://www.rankiteo.com/company/kidousa
"id": "kid2132121092925",
"linkid": "kidousa",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Over 8,000 children and their '
                                              'families, 100 employees',
                        'industry': 'Early childhood education',
                        'location': ['UK (18 nurseries in London)',
                                     'US',
                                     'India',
                                     'China'],
                        'name': 'Kido',
                        'type': 'Nursery chain'},
                       {'customers_affected': 'Kido (no other customers '
                                              'confirmed affected)',
                        'industry': 'Education technology',
                        'name': 'Famly',
                        'type': 'Third-party software provider'}],
 'attack_vector': ['third-party software vulnerability',
                   'social engineering (threatening calls to parents)'],
 'customer_advisories': ['Direct notifications to families with confirmed '
                         'affected data'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['child profiles',
                                        'accident reports',
                                        'contact details',
                                        'billing records'],
                 'number_of_records_exposed': 'Over 8,000 (children) + 100 '
                                              '(employees)',
                 'personally_identifiable_information': ['names',
                                                         'birth dates',
                                                         'places of birth',
                                                         'addresses',
                                                         'phone numbers'],
                 'sensitivity_of_data': "High (children's PII, safeguarding "
                                        'records)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'safeguarding reports',
                                              'billing information']},
 'description': 'Hacker group Radiant breached Kido, a UK nursery chain, '
                'stealing sensitive data of over 8,000 children and 100 '
                'employees. The group leaked personal details of 10 children '
                'on the dark web and threatened to release more unless a '
                'ransom is paid. The breach occurred via third-party systems, '
                'including the Famly platform, though Famly denied any breach '
                'in their infrastructure. Kido is cooperating with '
                'authorities, including the ICO, Ofsted, and the Metropolitan '
                'Police.',
 'impact': {'brand_reputation_impact': "Severe (targeting children's data, "
                                       'negative media coverage, loss of '
                                       'trust)',
            'customer_complaints': ['Parents reported receiving threatening '
                                    'calls',
                                    'concerns over lack of direct '
                                    'communication from Kido'],
            'data_compromised': ["children's personal details (names, birth "
                                 'dates, places of birth)',
                                 'family contact details (addresses, phone '
                                 'numbers)',
                                 'accident and safeguarding reports',
                                 'billing information'],
            'identity_theft_risk': "High (children's and families' PII "
                                   'exposed)',
            'legal_liabilities': ['Potential GDPR violations',
                                  'investigation by ICO, Ofsted, and '
                                  'Metropolitan Police'],
            'operational_impact': 'Ongoing investigation, potential lengthy '
                                  'disruption, reputational damage',
            'payment_information_risk': 'Moderate (billing information '
                                        'compromised)',
            'systems_affected': ['third-party systems (Famly and one other)',
                                 "Kido's internal systems (indirectly via "
                                 'third-party breach)']},
 'initial_access_broker': {'data_sold_on_dark_web': ["10 children's profiles "
                                                     'leaked',
                                                     'threat to leak more'],
                           'entry_point': 'Third-party systems (Famly and one '
                                          'other)',
                           'high_value_targets': ["children's data",
                                                  'employee data',
                                                  'safeguarding reports']},
 'investigation_status': "Ongoing (described as 'complex' and 'potentially "
                         "lengthy')",
 'motivation': 'Financial gain (ransom extortion)',
 'post_incident_analysis': {'root_causes': ['Third-party software '
                                            'vulnerabilities',
                                            'potential lack of oversight on '
                                            'third-party security']},
 'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
 'references': [{'source': 'The Guardian'}, {'source': 'BBC'}],
 'regulatory_compliance': {'legal_actions': ['Investigation by ICO, Ofsted, '
                                             'and Metropolitan Police'],
                           'regulations_violated': ['Potential GDPR '
                                                    'non-compliance'],
                           'regulatory_notifications': ['ICO',
                                                        'Ofsted',
                                                        'Metropolitan Police']},
 'response': {'communication_strategy': ['Email to parents from Kido UK CEO',
                                         'cooperation with media (The '
                                         'Guardian, BBC)',
                                         'limited direct communication '
                                         'reported by parents'],
              'containment_measures': ['Investigation launched',
                                       'relevant authorities and families '
                                       'notified'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'third_party_assistance': ['external IT forensic experts',
                                         'ICO',
                                         'Ofsted',
                                         'Metropolitan Police']},
 'stakeholder_advisories': ['Email to parents from Kido UK CEO Catherine '
                            'Stoneman',
                            'cooperation with ICO, Ofsted, and Metropolitan '
                            'Police'],
 'threat_actor': 'Radiant (hacker group)',
 'title': 'UK Nursery Chain Kido Data Breach by Radiant Hacker Group',
 'type': ['data breach', 'extortion', 'ransomware threat'],
 'vulnerability_exploited': 'Third-party systems (Famly platform and one other '
                            'unnamed system)'}