Key Takeaway: Cybercriminal group “Radiant” has stolen sensitive data from 8,000 children at London’s Kido nursery chain, publishing children’s photos and personal information on the dark web while making direct threats to parents demanding ransom payment.
- 10 children’s profiles already published online, with threats to release 30 more children’s data plus 100 employees’ information.
- UK businesses face increasing ransomware incidents targeting critical sectors including education and healthcare.
Cybercriminals calling themselves the “Radiant Group” have stolen sensitive personal data from approximately 8,000 children attending nurseries operated by London-based Kido International, publishing photos and profiles of 10 children on the dark web as part of an aggressive extortion campaign.
The attack represents what cybersecurity experts are calling “an absolute new low” in cybercrime, with hackers specifically targeting toddlers and young children in what appears to be the first major ransomware attack aimed at nursery-age children’s data.
The hackers have escalated their intimidation tactics by making direct phone calls to parents, demanding they pressure Kido International to pay the ransom or face having their children’s information published online. One anonymous mother told the BBC she received a “threatening” call from the criminals, who warned they would leak her child’s data if the nursery refused to pay.
“They are calling parents directly, telling them to put pressure on the nursery chain to pay the ransom demand, or they’ll leak their child’s data,” according to BBC reports. The hackers have indicated they plan to release profiles of 30 additional children and 100 employees imminently, including “full names, national insurance numbers, dates of birth, full addresses, employment start dates, and email addresses”.
The compromised information includes children’s names, photographs, birth dates, home addresses, parents’ contact details, medical records, and safeguarding notes that document which children might be vulnerable. The hackers accessed the data through Famly, a software service commonly used by nurseries and childcare providers that serves over one million users globally.
Famly CEO Anders Laustsen condemned the attack as “a truly barbaric new low” and confirmed that their security infrastructure remained intact with no other customers affected. The breach occurred when hackers infiltrated Kido’s systems and accessed data stored on the platform over several weeks.
Kido International, which operates 18 nurseries across London and one in Windsor, plus additional facilities in India, China, and the United States, has not issued public statements but has contacted parents to confirm the incident. The company serves over 15,000 families globally and has been rated among the top 20 nursery groups in the UK.
The Metropolitan Police confirmed they received a referral on Thursday, September 25, following reports of the ransomware attack, with investigations ongoing through their Cyber Crime Unit. No arrests have been made to date. The Information Commissioner’s Office has also confirmed receiving Kido’s breach notification and is “assessing the information provided”.
Cybersecurity professionals have expressed unanimous outrage at the attack’s targeting of children. Graeme Stewart from Check Point Software described it as “the most outrageous attack” in terms of morals, noting that while “it’s not a massive attack in terms of sheer numbers, the distinction is that it targets children. That’s a new low; I’ve never seen anything like it”.
Alan Woodward, computer scientist at the University of Surrey, stated: “Just when you think cybercriminals can’t sink any lower, we see this kind of attack. Having seen the news that a death had occurred from the London hospital attack last year, then you see this, you wonder if these people are amoral or just plain evil”.
Dray Agha from Huntress Security called it “a reprehensible erosion of any remaining boundaries in the cybercriminal ecosystem,” noting that “by weaponizing the personal data of infants and toddlers, this group has sunk to a depth that even other threat actors may condemn”.
The attack comes amid a surge in cybercrime targeting the UK education sector, with recent data showing that 97% of higher education institutions experienced cyber breaches in the previous 12 months, while 86% of further education colleges and 71% of secondary schools were also affected.
Globally, ransomware attacks against educational institutions increased 23% year-over-year in the first half of 2025, with average ransom demands reaching $556,000. The education sector has become the fourth-most targeted industry for ransomware attacks, with 130 confirmed incidents in the first half of 2025.
Earlier this year, West Lothian Council suffered a ransomware attack affecting 13 secondary schools, 69 primary schools, and 61 nurseries. The PowerSchool breach in December 2024 exposed data from 62.4 million students and 9.5 million educators, making it the largest breach of American children’s personal information to date.
The Radiant Group appears to be a new cybercriminal organization making their debut with this high-profile attack targeting children. When contacted by media outlets, the hackers defended their actions, claiming they “deserve some compensation for our pentest” and weren’t “asking for an enormous amount”.
The criminals typically demand 1.5% of a company’s yearly revenue as ransom payment. They claim to be based in Russia but provided no evidence to support this assertion. The group operates through encrypted messaging platforms and has hired individuals to make threatening phone calls to parents.
Jonathon Ellison, director for national resilience at the National Cyber Security Centre, characterized the incident as “deeply distressing,” stating: “Cybercriminals will target anyone if they think there is money to be made, and going after those who look after children is particularly egregious”.
Culture Minister Ian Murray assured the public that “the full force of government and full force of the justice system” would be deployed to pursue those responsible. Former NCSC CEO Ciaran Martin warned that even if the nursery pays the ransom, the data would not be deleted, as “they never do”.
The attack has prompted renewed calls for stronger cybersecurity measures across the childcare sector, with experts noting that nearly one in four UK nurseries have reported cyber security breaches in the past 12 months. The incident highlights the vulnerability of organizations processing children’s data and the urgent need for enhanced protection measures.
Sources: BBC News, Reuters, The Guardian, CNN, Sky News, ITV News, The New York Times, and various cybersecurity industry publications.
Read Next 👇