In a chilling escalation of cybercrime, a hacking group known as Radiant has breached the Kido nursery chain, compromising the personal data of thousands of children and their families. According to reports from the BBC and CNN, the hackers have already published profiles and photographs of 20 children online and are threatening to release even more sensitive information unless a ransom is paid. The incident, which came to light in late September 2025, has sent shockwaves through the childcare community and raised urgent questions about digital security in sectors entrusted with society’s most vulnerable members.
The attack unfolded with disturbing speed. On Thursday, September 25, 2025, Radiant posted the profiles of 10 children online, following up with 10 more the next day. But the threat extends far beyond these initial victims. The hackers claim to possess data on more than 8,000 children enrolled in Kido nurseries across the UK, US, China, and India, as well as the personal details of dozens of employees—including names, addresses, national insurance numbers, and contact information (BBC, PA Media, Cybernews).
The breach occurred when criminals accessed data hosted by Famly, a widely used software service in the childcare sector. Famly is trusted by over one million owners, managers, practitioners, and families globally. In a statement to the BBC, Famly’s CEO Anders Laustsen condemned the attack, calling it “a truly barbaric new low, with bad actors trying to expose our youngest children’s data to make a quick buck.” He emphasized, “We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly’s security or infrastructure in any way and no other customers have been affected. We of course take data security and privacy extremely seriously.”
The hackers’ site reportedly contains a gallery displaying nursery pictures, dates of birth, birthplaces, living arrangements, and contact details of the children. The criminals have also published private information about Kido staff. The intent is clear: extortion. Radiant has demanded a ransom from Kido, threatening to release even more data—including safeguarding notes and medical information—if their demands are not met (BBC, Cybernews).
What sets this attack apart is the hackers’ brazen outreach to individual parents. Several parents have reported receiving threatening phone calls from Radiant, urging them to pressure Kido into paying the ransom. One mother, who wished to remain anonymous, described the call as “threatening” and said the hackers told her they would post her child’s information online unless she intervened. Another parent, Stephen Gilbert, told the Today programme on BBC Radio 4, “The revelation the children’s details could have been put on the dark web, that’s very concerning and alarming for me.”
Sean, a parent at the Kido nursery in Tooting, offered a different perspective, expressing sympathy for the staff caught in the crossfire. “We’re in the digital age now where everything’s online and I think you go into this knowing that there is a risk that at some point this could happen,” he told BBC News. “Any parents that are getting angry should probably direct their anger towards the scumbags that have actually done it. You only see the people that run your nursery, and all of them are great. And these poor people are the ones getting the brunt of it on the front line.”
The hackers themselves, communicating via the encrypted messaging app Signal, admitted to the BBC that English is not their first language and claimed they had hired people to make the threatening calls. Their motivation was bluntly stated: “We do it for money, not for anything other than money.” They added, “I’m aware we are criminals. This isn’t my first time and will not be my last time.” However, they conceded that the intense scrutiny following this breach means they will not target pre-schools again, and have since deleted their Signal account, making further contact impossible.
Law enforcement agencies have been quick to respond. The Metropolitan Police confirmed to CNN that they received a referral on September 25, 2025, following reports of a ransomware attack on a London-based organization. The Cyber Crime Unit is leading the investigation, though no arrests have been made as of yet. Kido has not issued a public statement but is reportedly working with authorities and has contacted parents to confirm the breach and offer reassurance.
The National Cyber Security Centre (NCSC), the UK’s technical authority for cyber security, described the incident as “deeply distressing.” Jonathon Ellison, NCSC director for national resilience, stated, “Cyber criminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act.” The NCSC has provided tailored guidance to help early years settings protect themselves from such attacks.
Cybersecurity experts warn that the type of data stolen—including names, addresses, photos, dates of birth, and even medical or safeguarding notes—could enable stalking, harassment, or targeting of already vulnerable families. Mantas Sabeckis, an infosecurity researcher at Cybernews, drew parallels to previous high-profile extortion cases, noting, “When hackers go after hospitals, schools, or in this case nurseries, it feels like the lowest of the low.” He referenced the 2020 breach of the Finnish psychotherapy clinic Vastaamo, which ended in bankruptcy and tragic consequences for some victims.
Police and cybersecurity authorities strongly advise against paying ransoms, warning that doing so only fuels the criminal ecosystem. The former head of the National Cyber Security Centre, Ciaran Martin, called the actions of Radiant “absolutely horrible” but urged calm, stating, “The hackers are trying to stoke up fear and the risk of physical harm to children is extremely low.”
For affected families, the breach has brought anxiety and uncertainty. Bryony Wilde, whose child attends a Kido nursery in London, expressed her frustration to the BBC: “They are kids – their personal details shouldn’t be worth anything. You are probably prepared to go a little bit further to protect children’s privacy and personal details.”
Kido, which describes itself as a global network of nurseries owned and operated by parents from around the world, now finds itself at the center of a debate about digital safety in early childhood education. As the investigation continues, the incident stands as a stark warning about the risks posed by cybercriminals and the urgent need for robust data protection in all sectors, especially those serving society’s youngest members.
For now, families and staff are left waiting—hoping that authorities can bring the perpetrators to justice and that their children’s data will not be further exploited in the digital underworld.
