Nursery Chain Kido Hit by Ransomware Attack; Children’s Data Threatened

A cybercriminal group calling itself Radiant has threatened to publish sensitive data belonging to thousands of children and employees associated with the UK-based Kido nursery chain unless a ransom is paid. The breach, which came to light on Thursday, underscores the growing vulnerability of childcare facilities to increasingly sophisticated cyberattacks.

The Scope of the Breach

Radiant claims to have compromised data on over 8,000 children and their families, including names, dates of birth, birthplaces, and contact information for parents, grandparents, and guardians. The group has already posted profiles of 10 children online and has outlined a “data leakage roadmap” indicating plans to release 30 more profiles per child, alongside the private data of 100 employees. This data includes sensitive records such as accident reports, safeguarding information, and billing details, affecting all Kido nurseries across the UK.

According to a cybersecurity industry briefing, Radiant is a relatively new player in the cybercrime landscape, demonstrating a willingness to “test the boundaries of morality and depravation.” While the group exhibits a proficient command of English, analysts note a “slight awkwardness” in phrasing, suggesting a possible non-Western origin.

Extortion Tactics and Demands

The criminals are actively attempting to negotiate with Kido, threatening to “ruin their entire company” through a staged release of stolen data. One parent reported receiving a threatening phone call demanding they pressure Kido to pay the ransom. “They said they would post my child’s information online unless I made Kido pay,” the parent told the BBC.

Kido UK’s chief executive, Catherine Stoneman, stated in an email that the incident is being treated “with the highest priority,” and the company is working with authorities, including the Information Commissioner’s Office, Ofsted, and the Metropolitan Police. Stoneman attributed the breach to vulnerabilities in “two third-party systems used to process certain data.” She added that families whose information has been confirmed as compromised have already been contacted.

Famly’s Response

The breach reportedly originated through data hosted by Famly, a software service widely used by nurseries to share photos and information with parents. However, Anders Laustsen, Famly’s chief executive, insists there was no breach of their security infrastructure. “We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly’s security or infrastructure in any way and no other customers have been affected,” Laustsen stated.

Parental Concerns and the Broader Threat Landscape

Parents are expressing concern and confusion over the selective nature of the data breach. “How have they got details on just certain kids and not everyone – that’s the bit that’s not making loads of sense,” said Sean, a parent at a Kido nursery in Tooting. Despite the risk, some parents acknowledge the convenience of apps like Famly, with Sean noting he feels “sorry for the nursery staff who are getting the brunt of complaints.”

This incident highlights a growing trend of cyberattacks targeting vulnerable sectors. Law enforcement agencies advise against paying ransoms, as it fuels the criminal ecosystem. Recent high-profile victims include the Co-op, Marks & Spencer, and Jaguar Land Rover, with many attacks attributed to the English-speaking cybercriminal community known as Scattered Spider. The Marks & Spencer hack, for example, involved ransomware – a common tactic employed by Russian-speaking cyber gangs.

Criminals’ Motivation and Future Targets

The BBC engaged with the criminals via the messaging app Signal, learning that their primary motivation is financial gain. “We do it for money, not for anything other than money. I’m aware we are criminals. This isn’t my first time and will not be my last time,” one of the criminals stated. They also indicated they would likely avoid targeting preschools in the future due to the increased attention.

This attack serves as a stark reminder of the escalating threat posed by cybercriminals and the critical need for robust data security measures, particularly when dealing with sensitive information pertaining to children and families.