Cybercriminals, identifying themselves as the group 'Radiant,' executed a ransomware attack on the Kido nursery chain, compromising highly sensitive data of approximately 8,000 children, including their names, addresses, photographs, profiles, and safeguarding notes, as well as information about their parents and carers. The attackers published samples of the stolen data including pictures and profiles of 10 children on a darknet website to extort ransom payments. The hackers justified their actions by claiming the attack was a 'pentest' (penetration test) and demanded compensation, despite the victims being innocent children. The Metropolitan Police’s Cyber Crime Unit is investigating the incident, which has caused severe distress among families, with parents expressing outrage over the exploitation of children’s private data. The National Cyber Security Centre (NCSC) condemned the attack as 'egregious' and highlighted the vulnerability of early-years settings to cyber extortion. The breach poses long-term risks to the children’s privacy, safety, and potential exposure to identity theft or further exploitation.
TPRM report: https://www.rankiteo.com/company/kido-enterprises
"id": "kid4502045092925",
"linkid": "kido-enterprises",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '8000 children (and their '
'families)',
'industry': 'early childhood education',
'location': ['London (UK)', 'USA', 'India', 'China'],
'name': 'Kido Nursery Chain',
'type': 'private educational organization'}],
'customer_advisories': ['Parents (e.g., Bryony Wilde) expressed distress over '
"exposure of children's data.",
'Kido has not yet issued a public statement (as of '
'report).'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['images (JPEG/PNG)',
'text documents (profiles/notes)'],
'number_of_records_exposed': '8000 (children) + unspecified '
'(parents/carers)',
'personally_identifiable_information': True,
'sensitivity_of_data': "high (children's data, safeguarding "
'notes)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'photographs',
'safeguarding notes',
'parent/carer details']},
'date_publicly_disclosed': '2023-11-09T00:00:00Z',
'description': 'Cyberhackers stole information about thousands of children '
'from the Kido nursery chain, including pictures, names, '
'addresses, and safeguarding notes. The hackers, identifying '
"themselves as 'Radiant,' published some stolen data "
'(including pictures and profiles of 10 children) on the '
'darknet and are demanding ransom money. The attack targeted a '
'London-based organization, and the Metropolitan Police Cyber '
'Crime Unit is investigating. The hackers justified their '
"actions by claiming they were conducting a 'pentest' "
'(penetration test) and deserved compensation.',
'impact': {'brand_reputation_impact': ['severe damage due to exposure of '
"children's sensitive data",
'public outrage'],
'customer_complaints': ['concerns from parents (e.g., Bryony '
'Wilde)'],
'data_compromised': ["children's names",
'addresses',
'pictures',
'profiles',
"parents'/carers' information",
'safeguarding notes'],
'identity_theft_risk': ["high (children's PII exposed)"]},
'initial_access_broker': {'data_sold_on_dark_web': ['partial data (10 '
"children's "
'profiles/pictures) '
'published as proof'],
'high_value_targets': ["children's PII",
'safeguarding notes']},
'investigation_status': 'ongoing (Metropolitan Police Cyber Crime Unit)',
'motivation': ['financial gain', 'extortion'],
'ransomware': {'data_exfiltration': True,
'ransom_demanded': ["claimed by hackers to be 'not enormous' "
'(amount undisclosed)']},
'recommendations': ["Implement NCSC's guidance for early years settings "
'(e.g., secure data storage, access controls).',
'Conduct regular penetration testing *ethically* to '
'identify vulnerabilities.',
'Enhance employee training on phishing/social engineering '
'(common initial access vectors).',
'Develop a robust incident response plan for '
'ransomware/data breaches.',
'Prioritize protection of highly sensitive data (e.g., '
"children's PII) with encryption and segmentation."],
'references': [{'date_accessed': '2023-11-09',
'source': 'BBC News',
'url': 'https://www.bbc.com/news/uk-england-london-67361234'},
{'date_accessed': '2023-11-09',
'source': 'National Cyber Security Centre (NCSC)',
'url': 'https://www.ncsc.gov.uk/guidance'}],
'regulatory_compliance': {'regulatory_notifications': ['likely required under '
"UK GDPR (children's "
'data breach)']},
'response': {'communication_strategy': ['NCSC issued guidance for early years '
'settings and affected individuals',
'Kido contacted for comment (no '
'response yet)'],
'law_enforcement_notified': True,
'third_party_assistance': ['Metropolitan Police Cyber Crime Unit '
'(investigation ongoing)']},
'stakeholder_advisories': ['NCSC issued guidance for early years settings and '
'affected individuals.',
'Parents advised to monitor for potential misuse '
"of children's data."],
'threat_actor': 'Radiant',
'title': 'Ransomware Attack on Kido Nursery Chain Exposes Data of 8,000 '
'Children',
'type': ['ransomware', 'data breach', 'extortion']}