On September 25, 2025, a chilling cyberattack sent shockwaves through families and cybersecurity experts alike, as hackers claimed to have stolen the personal details of around 8,000 children from the Kido nursery chain. The breach, which targeted the company’s London-based operations but has implications for its international network, has been described as one of the most egregious attacks in recent memory—both for its scale and its focus on society’s most vulnerable members.
Kido, a prominent nursery chain operating 18 sites in and around London and dozens more in the United States, India, and China, found itself at the center of a data breach whose fallout is still unfolding. The hackers, identifying themselves as the Radiant Group, claim to have accessed not only the names, photographs, and addresses of thousands of children, but also information about their parents, carers, and highly sensitive safeguarding notes. According to BBC News, the criminals have used this trove of data to demand a ransom from the company—and, in some cases, have even contacted families directly by phone as part of their extortion tactics.
“They are kids – their personal details shouldn’t be worth anything,” said Bryony Wilde, a parent whose child attends a Kido nursery in London, in an interview with BBC News. “You are probably prepared to go a little bit further to protect children’s privacy and personal details.” Wilde described the affected children as “completely innocent victims,” echoing the sentiments of many parents who are now grappling with the reality that their families’ information is in the hands of criminals.
The Radiant Group, which appears to be a relatively new player in the cybercrime world, has posted samples of the stolen data—including photos and profiles of ten children—on their darknet website. The group contacted BBC News directly, confirming their role in the attack and offering a glimpse into their motivations. When asked if they felt remorse for targeting a nursery and exploiting children’s data, the hackers replied that they “weren’t asking for an enormous amount” and claimed they “deserve some compensation for our pentest.” The term “pentest” refers to a penetration test, a legitimate cybersecurity exercise where ethical hackers are hired to probe an organization’s defenses. In this case, however, the attack was unauthorized and criminal in nature. “Of course” it’s about money, the hackers admitted to BBC News.
The Metropolitan Police quickly became involved after Kido reported the incident. “Met Police received a referral on Thursday following reports of a ransomware attack on a London-based organisation,” a spokesperson told The Independent. “Enquiries are ongoing and remain in the early stages within the Met’s Cyber Crime Unit. No arrests have been made.” The UK’s data regulator, the Information Commissioner’s Office, is also assessing the situation, confirming that “Kido International has reported an incident to us and we are assessing the information provided.”
Cybersecurity experts and officials have not minced words about the severity of the attack. Graeme Stewart, of the cyber-security firm Check Point, called the breach “an absolute new low.” He added, “To deliberately put children and schools in the firing line is indefensible. Frankly, it is appalling.” Jonathon Ellison, director for national resilience at the National Cyber Security Centre (NCSC), told BBC News, “The reports of highly sensitive data being stolen in a cyber incident impacting nurseries are deeply distressing. Cyber criminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act.”
The NCSC has issued bespoke guidance to help early years settings, such as nurseries, protect themselves from such attacks, as well as advice for individuals who may be concerned that their data has been compromised. “The NCSC has bespoke guidance to help early years settings, such as nurseries, protect themselves from attacks, as well as guidance for individuals who are concerned that their data has been affected by a breach,” Ellison emphasized.
As the investigation continues, parents have expressed a mix of apprehension and appreciation for how the nursery has handled the crisis. One parent, who asked to be referred to as Mary, told BBC News, “It’s not ideal of course, we would rather they had been using some sort of encryption software. The nursery told us very quickly.” Mary’s family received an email from the hackers informing them of the breach. “It was all very professional and well-written, no spelling mistakes or anything like that,” she said. “My partner actually works in cyber-security and we understand these things happen. But we do feel the nursery has handled it well.”
Despite the breach, Kido has not released a public statement or responded to media requests for comment, including from ITV News and The Standard. However, staff and parents at affected nurseries have been notified. The company’s website touts its international reach, stating, “Our international network of schools in the USA, UK, India and China ensures that we bring best practices in operations, training, curriculum and care to each school.”
The hack against Kido is the latest in a string of high-profile cyberattacks to hit the UK in recent months. Earlier this year, retailer Co-op suffered an attempted hack that cost the company £80 million, while Jaguar Land Rover faced severe disruptions to its production and sales systems after attackers breached its networks. Rebecca Moody, head of data research at Comparitech, told BBC News that the nature of the data posted online “raises alarm bells.” She warned, “We’ve seen some low claims from ransomware gangs before, but this feels like an entirely different level.” Moody stressed that the firm should contact anyone affected by the data breach “as a matter of urgency.”
Law enforcement agencies have consistently advised organizations not to pay ransoms, noting that doing so only emboldens cybercriminals and perpetuates the cycle of attacks. “Police advise not to pay ransoms as it further fuels the cyber-crime ecosystem,” the Metropolitan Police reiterated.
For families affected by the Kido breach, the coming weeks are likely to be filled with uncertainty and anxiety. The incident serves as a stark reminder of the growing sophistication and ruthlessness of cybercriminals—and the importance of robust cybersecurity, especially when it comes to protecting the most vulnerable.
As police and regulators continue their investigations, parents and cybersecurity experts alike hope this attack will be a wake-up call for organizations everywhere. When it comes to safeguarding children’s data, there’s simply no room for compromise.
