Cybercriminals have struck at the heart of early childhood education in London, breaching the sensitive data of more than 8,000 children enrolled at Kido International nurseries. The attack, claimed by a group calling itself Radiant, was revealed on September 27, 2025, after the hackers posted names, photos, home addresses, and family contact details of ten children as proof of their incursion. The group has threatened to publish the profiles of thirty more children and data on one hundred employees unless their demands are met—a chilling escalation that has sent shockwaves through the childcare and education sectors.
According to Reuters, the Metropolitan Police Cyber Crime Unit confirmed that investigations are in their early stages and, as of the end of September, no arrests have been made. Kido International, which operates eighteen nurseries across Greater London, has yet to issue a public comment on the breach, despite growing concern from families and staff. The company, backed by private investors and known for its digital learning tools and app-based parent communication platforms, now finds itself at the center of one of the most serious childcare data breaches in recent British history.
The Radiant group, which claims—without providing evidence—to be based in Russia, boasted that it had infiltrated Kido’s systems for weeks. In a post on its dark web leak site, Radiant wrote, “Next steps for us will be to release 30 more 'profiles' of each child and 100 employees.” The hackers have not disclosed the ransom amount they are demanding, but their actions follow a disturbing trend of cybercriminals targeting vulnerable sectors such as childcare and education for financial gain.
Jonathon Ellison of the UK’s National Cyber Security Centre (NCSC) did not mince words in his assessment of the situation. “Cybercriminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act,” Ellison stated, as reported by Reuters. His comments echo a growing sentiment among cybersecurity professionals that the stakes are higher than ever when it comes to safeguarding data in environments where children’s welfare is at risk.
While the hackers’ claims of Russian origin remain unverified, their tactics are all too familiar. Ransomware attacks—where criminals encrypt a company’s data and demand payment for its release—have surged in the UK throughout 2025. High-profile incidents have hit major businesses, including Jaguar Land Rover suppliers, Collins Aerospace, and the retail giant Marks & Spencer. The latter estimated a staggering £300 million hit to its operating profit for the 2025-26 fiscal year due to a cyberattack that crippled its online operations for weeks.
The Kido breach, however, stands out for its focus on the youngest and most vulnerable members of society. The hackers’ decision to post photos and birth dates of children, along with staff passport details, has heightened fears about the potential misuse of this information. Experts have attempted to tamp down panic, suggesting that the direct risk to children remains low at this stage. Nevertheless, the mere exposure of such data has left families deeply unsettled.
Police and cybersecurity experts have issued clear guidance in the wake of the attack: do not pay the hackers. Instead, parents, staff, and partner organizations are being urged to change passwords, stay vigilant for suspicious activity, and report any unusual contacts. As one expert noted, the attack underscores the urgent need to strengthen cybersecurity measures in educational institutions—a sector that, until recently, may have underestimated its attractiveness to cybercriminals.
Kido International, for its part, has built its reputation on integrating technology into early-years education. The company’s platforms streamline enrollment, provide daily updates, and enable parents to track their children’s progress. Kido has also invested in staff training and data-driven educational practices to boost classroom engagement and operational efficiency. Yet, as this incident demonstrates, the very digital tools that enhance learning and communication can become points of vulnerability if not adequately protected.
The breach has also reignited debate about the responsibilities of private companies in safeguarding personal data, especially when it comes to children. Kido, which has received venture funding to expand its operations in the UK, United States, and India, does not publicly disclose the names of its technology partners tasked with preventing cybersecurity incidents. This lack of transparency has drawn criticism from some quarters, with parents and advocates demanding clearer information about what steps are being taken to prevent future breaches.
Meanwhile, the Metropolitan Police Cyber Crime Unit continues its investigation, with officers combing through digital evidence in hopes of tracing the origins of the attack. "Enquiries are ongoing and remain in the early stages within the Met's Cyber Crime Unit," a police spokesperson confirmed, according to Reuters. The absence of arrests so far highlights the challenges law enforcement faces in tracking cybercriminals who often operate across borders and behind layers of digital anonymity.
The broader context is sobering. Ransomware gangs have become increasingly brazen, targeting not only high-profile corporations but also essential services and vulnerable populations. In the past year alone, attacks have disrupted supply chains, snarled airport operations, and forced businesses to reckon with the reality that no sector is immune. A government source told Reuters that the British government is even considering financial support for carmaker Jaguar Land Rover’s suppliers after a cyberattack caused a protracted shutdown.
For families affected by the Kido breach, the immediate concern is the safety and privacy of their children. The release of home addresses and contact details raises fears about identity theft, scams, or even more sinister possibilities. While experts maintain that the direct risk to children is currently low, they stress the importance of vigilance. Parents are being advised to monitor their personal data, change passwords, and be alert for phishing attempts or suspicious contacts—measures that, while necessary, offer cold comfort in the face of such a violation.
The incident has also prompted calls for a broader reassessment of cybersecurity in the education sector. As digital tools become ever more integrated into classrooms and administrative processes, the need for robust data protection measures grows more pressing. The Kido attack may serve as a wake-up call, not only for childcare providers but for all institutions entrusted with sensitive personal information.
As the investigation unfolds and families grapple with the consequences, one thing is clear: the landscape of cyber threats is evolving, and the stakes have never been higher for those responsible for protecting the youngest among us.