Kido International cyberattack

From HandWiki
Short description: 2025 ransomware attack


The Kido International cyberattack was a ransomware incident disclosed in September 2025 that targeted Kido International, a multinational early-years education provider operating nurseries across Greater London and internationally. A criminal group claimed to have accessed and leaked personal data relating to about 8,000 children and staff, including photographs, dates of birth, home addresses and parent contact details.[1][2]

The incident received wide coverage in the United Kingdom and internationally, with reporting highlighting the unusual sensitivity of the compromised information and the safeguarding risks associated with data breaches involving young children.[3][4] The attack prompted guidance from the UK's National Cyber Security Centre (NCSC), and two teenagers were later arrested in connection with the incident.[5]

Background

Kido International operates nurseries across Greater London and in several international locations.[6] Early reporting indicated that the breach originated in a third-party digital platform used to store and share children's photographs and developmental information with parents.[7]

Cybersecurity research had previously identified early-years education providers as particularly vulnerable to cyberattacks due to their reliance on cloud-based communication tools, fragmented digital infrastructure and limited internal security capacity.[8][9]

Attack

The attackers claimed to have stolen data relating to approximately 8,000 children enrolled in Kido's nurseries.[10] Media outlets reported that the compromised information included children's names, photographs, dates of birth, home addresses and parental contact details.[2] Staff data was also reportedly targeted for potential publication.[4]

Sample profiles of ten children were posted on a dark web leak site. Subsequently, these profiles were removed and the hackers said that they would nott release any data relating to Kido on the dark web.[11] The group claiming responsibility also communicated directly with Sky News, threatening further data releases.[12]

Cybersecurity outlets reported that the leak site used tactics characteristic of “double-extortion” ransomware operations, including staged data releases and countdown mechanisms.[13] Such techniques have been widely documented in international threat-intelligence reporting.[14][15]

Perpetrators

Multiple news sources identified the ransomware group Radiant as the likely perpetrators, noting previous incidents targeting education, healthcare and social-care providers.[11] Reporting from cybersecurity outlets indicated that Radiant typically employed a double-extortion model: exfiltrating data, encrypting systems and threatening publication to coerce payment.[16]

Response

Kido International stated that it had notified affected families and engaged external cybersecurity specialists.[17] The breach was reported to the UK's Information Commissioner's Office (ICO).[2][18]

The National Cyber Security Centre (NCSC) issued guidance to early-years providers, highlighting systemic vulnerabilities within the sector.[19]

Academic and regulatory bodies have emphasised that breaches involving children carry heightened safeguarding risks and long-term privacy implications.[20][21][22]

Law enforcement investigation

The Metropolitan Police Service opened an investigation through its Cyber Crime Unit.[5] Two 17-year-olds were arrested on 7 October 2025 on suspicion of offences under the Computer Misuse Act 1990 and for alleged blackmail.[23][7]

See also

References

  1. "London nurseries hit by hackers, data on 8,000 children stolen". Reuters. 2025-09-26. https://www.reuters.com/world/uk/london-nurseries-hit-by-hackers-data-8000-children-stolen-2025-09-26/. 
  2. 2.0 2.1 2.2 "Children's names, pictures and addresses stolen in nursery hack". BBC News. 2025-09-25. https://www.bbc.com/news/articles/c62ldyvpwv9o. 
  3. "Hackers steal data of thousands of children after hack on London nursery chain". Evening Standard. 2025-09-26. https://www.standard.co.uk/news/london/kido-nursery-london-cyber-attack-hackers-b1161386. 
  4. 4.0 4.1 "Photos, names and addresses of children stolen in nursery cyberattack". ITV News. 2025-09-25. https://www.itv.com/news/2025-09-25/photos-names-and-addresses-of-children-stolen-in-cyberattack-on-nursery-chain. 
  5. 5.0 5.1 "Two teenagers arrested in investigation into cyber incident affecting London nurseries" (Press release). Metropolitan Police Service. 2025-10-07.
  6. "Cyber-criminals steal pictures and details of 8,000 children from nursery chain". The Guardian. 2025-09-25. https://www.theguardian.com/technology/2025/sep/25/cybercriminals-steal-pictures-and-details-of-8000-children-from-nursery-chain. 
  7. 7.0 7.1 "Teenagers arrested over cyber-attack on London nurseries". The Guardian. 2025-10-07. https://www.theguardian.com/uk-news/2025/oct/07/man-teenage-boy-arrested-kido-nurseries-cyber-attack-london. 
  8. Cyber Threat to the Education Sector (Report). National Cyber Security Centre. 2022. https://www.ncsc.gov.uk/report/academy-trust-cyber-threat. 
  9. Hosseini, S. (2024). "Ransomware Attacks in the Education Sector: Vulnerabilities and Impact". Computers & Security 131. 
  10. "London nurseries hit by hackers, data on 8,000 children stolen". Reuters. 2025-09-26. https://www.reuters.com/world/uk/london-nurseries-hit-by-hackers-data-8000-children-stolen-2025-09-26/. 
  11. 11.0 11.1 "Kido nursery hackers threaten to publish more children's profiles". The Guardian. 2025-09-26. https://www.theguardian.com/technology/2025/sep/26/kido-nursery-hackers-radiant-threaten-publish-children-profiles. 
  12. "Hackers 'behind nursery cyber attack' tell Sky News they are releasing more data on dozens of children". Sky News. 2025-09-27. https://news.sky.com/story/hackers-behind-nursery-cyber-attack-tell-sky-news-they-are-releasing-more-data-on-dozens-of-children-13438696. 
  13. "UK nursery data breach exposes 8,000 children's records". Infosecurity Magazine. 2025-09-27. https://www.infosecurity-magazine.com/news/uk-nursery-data-breach-ransomware/. 
  14. ENISA Threat Landscape 2023 (Report). European Union Agency for Cybersecurity. 2023. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023. 
  15. Ransomware Trends 2023 (Report). Cybersecurity and Infrastructure Security Agency. 2023. https://www.cisa.gov/resources-tools/resources/ransomware-guidance. 
  16. "Radiant ransomware group expands attacks to early-years providers, analysts warn". The Record. 2025-10-01. https://therecord.media/radiant-ransomware-group-profile-2025. 
  17. "Hackers claim to have stolen pictures, names and addresses of children in nursery firm cyber attack". Sky News. 2025-09-25. https://news.sky.com/story/hackers-claim-to-have-stolen-pictures-names-and-addresses-of-children-in-nursery-firm-cyber-attack-13438122. 
  18. Badshah, Nadeem (September 25, 2025). "Hackers reportedly steal pictures of 8,000 children from Kido nursery chain". The Guardian. ISSN 0261-3077. https://www.theguardian.com/technology/2025/sep/25/cybercriminals-steal-pictures-and-details-of-8000-children-from-nursery-chain. 
  19. "NCSC statement following reports of nursery data incident". https://www.ncsc.gov.uk/news/nursery-data-incident. 
  20. Age Appropriate Design Code (Report). Information Commissioner's Office. 2020. https://ico.org.uk/for-organisations/age-appropriate-design-a-code-of-practice-for-online-services/. 
  21. Livingstone, Sonia (2023). Children's Data, Privacy and Online Safety (Report). London School of Economics. https://www.lse.ac.uk/media-and-communications/research/research-projects/childrens-data-privacy-online-safety. 
  22. The Datafication of Children (Report). UNICEF Office of Global Insight and Policy. 2021. https://www.unicef.org/globalinsight/reports/datafication-children. 
  23. "Two teenagers arrested over reports of cyber attack on children's nurseries". Sky News. 2025-10-08. https://news.sky.com/story/two-teenagers-arrested-over-reports-of-cyber-attack-on-childrens-nurseries-13446690. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Kido_International_cyberattack&oldid=4228565"