The Kido Nursery Ransomware Attack: Two Arrested

They say every cybersecurity breach is a story. But some hits a little closer to home, literally.

Recently, a ransomware attack targeted Kido, a private nursery chain in London. What makes this case chilling isn’t just that sensitive data was stolen- it’s who was affected. These threat actors went after children- the most vulnerable among us. And through them, they struck at parents, families and the nursery owners.

The information reportedly stolen wasn’t just names and numbers. It included photos of children, contact details for parents, and even sensitive safeguarding or health-related records. In the wrong hands, that kind of data can cause real emotional and psychological harm.

Even though the group behind the attack claimed to have deleted the data, experts warn that once information is leaked online, it’s nigh on impossible to guarantee it’s gone forever, we’re dealing with criminals after all.

In a rare piece of relief, authorities have arrested the suspects. Two teenagers, aged 17, were detained on suspicion of computer misuse and blackmail. They are believed to be part of a group calling themselves Radiant, who had demanded a ransom and threatened to publish more stolen data if not paid. 

While arrests don’t erase the harm, it’s a strong signal that no one, particularly those who target children, are beyond investigation.

We spoke to Chris Morton, Head of Testing at One Compliance who added:

“From a security tester’s perspective, we can see that photos, names, and addresses were taken and shared online for extortion - putting victims at real risk, both now and in the future.

Beyond privacy concerns, this kind of exposure can lead to stalking, identity theft, and fraud as children grow, and their digital footprints expand.

Anyone affected should report misuse to authorities, request data takedowns, monitor their credit, and secure their social media accounts."

Criminals don’t care who they hurt. That’s what they do. But when their actions reach into nurseries, homes, and families, the consequences are more than digital - they’re personal.

So yes, this one hit differently. And it’s up to all of us- parents, teachers, business owners, and cybersecurity professionals to make sure that the most vulnerable among us are never this exposed again.

Identifying weaknesses before they’re exploited is key to resilience. A robust testing strategy, paired with an effective incident response plan, ensures your business can respond swiftly and limit damage.

Stay informed as this story unfolds and reach out to One Compliance to ensure your defences are tested before threat actors find the gaps.