Ransomware gang begins exposing data of 8,000 children stolen from Kido International Nurseries
- Marijan Hassan - Tech Journalist
- Oct 1
A cybercrime group calling itself "Radiant" has begun leaking the sensitive personal data of thousands of children and their families after a ransomware attack on the global nursery chain Kido International. The attack, which targeted systems used by the chain's UK locations, primarily around London, has been described by security experts as a new ethical low in cybercrime.

Scope of the breach and data exposed
The hackers claim to have compromised information relating to approximately 8,000 children across Kido's international operations, which include nurseries in the UK, US, India, and China. To pressure the company into paying a ransom, the group has posted a sample of the stolen data on the dark web, including:
- Children's Details: Names, photographs, dates of birth, and home addresses.
- Family Information: Contact details for parents and carers.
- Sensitive Notes: Medical information and safeguarding reports.
The Metropolitan Police's Cyber Crime Unit has launched an investigation into the ransomware attack, and the Information Commissioner's Office (ICO) has confirmed it is assessing the incident after Kido International reported it.
Direct extortion and hackers' justification
In a deeply concerning development, reports indicate that the cybercriminals have directly contacted some parents, urging them to put pressure on Kido International to meet the ransom demands. The threat is clear: pay the ransom, or more of the children's private data will be publicly leaked.
In communication with the BBC via the encrypted messaging app Signal, the cybercriminals had a stark justification for their distressing actions.
When asked if they felt remorse, the group replied: "We do it for money, not for anything other than money." They went on to admit their criminal status, stating, "I'm aware we are criminals. This isn't my first time, and will not be my last time."
However, the immense public and media attention generated by the attack on a pre-school chain appears to have had an impact, as they added that they would not be targeting pre-schools again. The group has since deleted its Signal account.
Future outlook
Authorities and experts are urging all educational institutions to review and significantly strengthen their cybersecurity protocols. Families affected by the breach are advised to remain vigilant against potential fraud and identity theft and to follow guidance provided by national cybersecurity centers. Ciaran Martin, former head of the National Cyber Security Centre, stressed that even if a ransom is paid, "This data is not coming back," as hacking groups rarely delete stolen information and often sell it on.













