Two people have been arrested following a serious cyberattack targeting a well-known nursery chain in the UK, where sensitive data belonging to thousands of children was stolen and used for blackmail.
Hackers Leak Child Data to Dark Web
Two men, aged 17 and 22, were apprehended in Bishop’s Stortford, Hertfordshire, on suspicion of blackmail and computer misuse offences, according to the Metropolitan Police. Both remain in police custody as investigations continue.
The cyberattack targeted Kido, a major nursery chain, where hackers allegedly stole the personal details and photographs of approximately 8,000 children. The perpetrators then used this stolen data to demand ransom from the nursery group.
The group claiming responsibility, believed to go by the name Radiant, has reportedly uploaded stolen material, including photographs and child profiles, to a site on the dark web.
“Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible.
We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families.
These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice,” said Will Lyne of the Metropolitan Police.
Ransom Demand and Worrying Fallout
BBC News, which first exposed the story, reported direct contact with the hackers. They had challenged the group over the ethics of using children’s data for blackmail, to which the criminals replied that they “weren’t asking for an enormous amount” and claimed they “deserve some compensation for our pentest.”
A pentest, or penetration test, is typically carried out by authorised cybersecurity professionals to evaluate an organisation’s digital security systems. However, this unauthorised intrusion is being investigated as a criminal offence, not ethical hacking.
Sensitive Data Potentially at Risk
The stolen information reportedly includes:
- Child photographs and profiles
- Names and details of parents and carers
- Confidential safeguarding notes
This has raised serious concerns about the safety and privacy of children and their families.
A Wake-Up Call for Childcare Providers
This breach has sparked alarm within the early education sector. Nurseries, often considered soft targets, are now under pressure to tighten cybersecurity protocols.
In the digital age, even preschool institutions are not immune to such threats. Experts warn that child-related data is increasingly valuable on the black market, especially when linked to family details and safeguarding reports.
This disturbing incident serves as a stark reminder that organisations handling sensitive personal data, no matter their size or sector, must invest in robust cyber protection.
More updates are expected as the Metropolitan Police continue their investigations into what is being described as one of the most distressing data breaches involving children in recent years.
Parents with children enrolled at Kido have been urged to remain vigilant and report any suspicious activity relating to their personal or financial information.
The UK News Blog will continue to follow this developing story.
