Hackers breached the systems of Kido, a chain of London-based nurseries, and stole data and photographs of around 8,000 children, bringing to life the parents’ worst nightmare – that of having the images of their kids out in the wild and possibly on the Dark Net.
Fortunately, police have made arrests in a case that’s likely one of the most disturbing examples of cyberextortion in the past few years. We’re used to witnessing extortion leveraged against companies, but nurseries represent a new low.
The Timeline of the Kido Cyber-Attack
How the Attack Unfolded
According to the Metropolitan Police, the incident was initially reported to Action Fraud on 25 September 2025, right after Kido detected a ransomware attack.
The hackers, operating under the alias Radiant, demanded a £600,000 Bitcoin ransom and threatened to publish sensitive data unless the payment was made.
Attackers don’t usually make direct contact with the press and aim to maintain a low profile, but not Radiant. The criminals contacted the BBC’s cybersecurity desk on 22 September as they tried to generate press attention for their demands.
Their belief was likely straightforward. Put pressure on the nurseries so that they pay.
When the company refused to comply, Radiant posted a few children’s photos and personal profiles on the Dark Net, escalating pressure on parents and the organization.
What Data Was Stolen
According to Cybernews and The Guardian, the leaked materials contained photos, names, addresses, and family contact details, which prompted a nationwide investigation led by the Met’s Cyber Crime Unit.
The Human Cost of a Digital Crime
A ‘New Low’ in Cyber Extortion
The attack sparked outrage for its unprecedented targeting, which had the opposite effect by putting immense pressure on the attackers.
The hackers blurred the leaked images and issued an apology, claiming to have deleted the data. On 2 October, they published the following statement on their leak site:
“No more remains and this can comfort parents.”
It’s difficult to believe cybercriminals when they promise to have deleted the stolen information. In fact, if the information is already exposed, it can circulate indefinitely in criminal markets.
Law Enforcement Response: The Met Police Steps In
The Arrests in Hertfordshire
The official Met Police press release published on 7 October 2025 announced:
“Specialist officers conducted a proactive operation at a number of residential properties in Bishop’s Stortford, Hertfordshire, where two people were arrested on suspicion of computer misuse as well as blackmail.”
Both suspects, aged 17, were taken into custody for questioning. The operation gathered intelligence through Action Fraud, the UK’s national fraud and cybercrime reporting service.
Official Statement from the Met Police
Will Lyne, Head of Economic and Cybercrime at the Met, emphasized:
“Since these attacks took place, specialist investigators have been working at pace to identify those responsible.
We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families.
These arrests are a significant step forward, but our work continues to ensure those responsible are brought to justice.”
The investigation remains ongoing.
Protecting Families from Digital Extortion
What can you do at home to protect your loved ones
Cybercriminals often exploit vulnerabilities in cloud services, supply chains, and everyday digital platforms used by families. They will likely engage in social engineering.
Protecting your data begins with a layered defense.
- Use advanced anti-ransomware protection to block data-theft attempts in real time.
- Back up sensitive data offline or to encrypted cloud storage.
- Enable multi-factor authentication (MFA) on all accounts handling personal or child data.
- Monitor the dark web for leaks related to your personal information.
Protect your household with Bitdefender Premium Security, a comprehensive solution that combines anti-ransomware protection, data breach monitoring, and dark web alerts.
FAQ: Understanding the Kido Nursery Cyber-Attack
Who carried out the Kido nursery cyber-attack?
A group identifying itself as Radiant, reportedly operated by a couple of teenagers, claimed responsibility.
What data was stolen in the attack?
Personal information of approximately 8,000 children, including photos, addresses, and contact details.
Were the hackers caught?
Yes. Two 17-year-olds have been arrested in Bishop’s Stortford, Hertfordshire.
Did the hackers delete the stolen data?
Radiant claimed they deleted all files after public outrage, but authorities have not independently verified this. This crucial aspect remains to be clarified.