The hacking of Kido nurseries—a respected international childcare provider with locations in London, the US, India, and China—has sent shockwaves through parents, cybersecurity experts, and the wider public, exposing glaring vulnerabilities in the protection of children’s data. On October 2, 2025, a cybercriminal group calling themselves Radiant infiltrated Kido’s systems, stealing sensitive details and images of more than 8,000 children. The hackers then posted some of this information, including photos, names, and addresses, on a darknet website, demanding a ransom—reportedly as high as £600,000 in bitcoin—from the nursery chain.
According to BBC News, Radiant’s brazen attack was not just a digital heist. The criminals escalated their extortion campaign by directly contacting parents and carers with threatening phone calls, warning that the private data of their children would be posted online unless Kido paid up. The hackers’ tactics included publishing unblurred images of children on illicit forums, later blurring these photos, and eventually removing them entirely in response to mounting public outrage. As noted by Cybernews, it’s rare for hackers to walk back such threats, let alone claim to delete stolen data.
The breach was particularly alarming because it targeted the most vulnerable—children—and involved not just basic contact information, but deeply personal records such as accident and safeguarding reports and billing details. As The Guardian reported, cybersecurity analysts and parents alike were appalled. One parent described the hackers as “sinking to new depths,” while Rebecca Taylor, a researcher at Sophos, commented, “Even cybercriminals know some lines can’t be crossed. Radiant learned that stealing data belonging to children doesn’t just attract attention, it burns credibility. It erodes any legitimacy they claim, particularly as they appear to be a newly formed group.”
The response from Kido was resolute. Refusing to give in to the ransom demands, the company followed guidance from authorities that discourages ransom payments, emphasizing that such payments only fuel further criminal activity. A Kido spokesperson explained to The Guardian, “Throughout this incident we have followed guidance from the authorities that discourages ransom payments as they only fuel and incentivise further criminal activity. We continue to work closely with families, regulators, law enforcement and our cybersecurity experts to investigate and take active steps to confirm that the data is permanently deleted.”
Law enforcement agencies, including the Metropolitan Police’s Cyber Crime Unit and the Information Commissioner’s Office, launched investigations into the attack. The UK’s National Cyber Security Centre (NCSC) described the incident as “deeply distressing,” underscoring the seriousness of the breach and the potential long-term harm to affected families.
As the story unfolded, the hackers’ stance shifted. Facing fierce condemnation from the public, cybersecurity community, and even other criminals, Radiant began to backtrack. According to The Guardian, members of rival hacking groups on underground forums publicly admonished Radiant, urging them to avoid targeting children. In one exchange, a member of the Nova gang told Radiant, “reputation important, don’t attack child right,” to which Radiant replied, “have disabled any attacks relating to them, is not allowed anymore” and added, “Any data relating to under 19s who attended have been deleted.”
Ultimately, the group issued an apology, telling BBC News, “We are sorry for hurting kids.” They claimed to have deleted all the data and removed it from their leak site. Kido confirmed that the information previously published by the hackers had been taken down, and their own monitoring indicated that the criminals had indeed removed the files. However, the question of whether the data was truly and permanently deleted lingers. As Cybernews pointed out, in previous high-profile cases—such as the 2024 ransomware attack on Canadian retailer London Drugs—hackers promised to erase stolen data after receiving ransoms, only to retain or redistribute it later. “Lingering concerns about privacy look set to continue, as families and schools cannot be sure that the records are not present in another location on the dark web,” the outlet warned.
In the aftermath, the incident has ignited a broader conversation about the security of children’s data in schools and nurseries. Graeme Stewart, head of public sector at Check Point Software, described the attack as “one of the darkest” he had seen. “The horror it has generated shows just how far over the line these criminals went. For the first time in living memory, a cyber gang has backed down because of sheer public revulsion,” Stewart told Nursery World. He cautioned, though, that “the images and data taken can be copied and spread,” and called for stronger “cyber hygiene across the board.” Stewart and other experts are now urging MPs and the government to establish a “baseline level of protection for every organisation that holds children’s data.”
Meanwhile, the role of third-party software providers has come under scrutiny. Much of the stolen data was reportedly accessed through Kido’s account with Famly, a childcare management software company. Famly, for its part, denied any compromise of its platform’s security or infrastructure, as reported by the BBC. The company rejected Kido’s request to notify parents that a breach had occurred via their system, insisting their own servers were not at fault. The hackers themselves claimed they bought access from an “initial access broker” who provided hijacked login credentials—highlighting the ever-present risk of credential theft and the importance of robust access controls.
For the families affected, the ordeal has left a deep sense of vulnerability and anger. Early educator and consultant Richard Waite called the incident a “safeguarding issue,” arguing that online safety should become a statutory requirement and that early years settings should be regularly inspected for cybersecurity robustness.
The saga of the Kido hack stands as a chilling reminder of the stakes involved in digital security—especially when it concerns children. While Radiant’s rapid retreat and public apology may be unprecedented, the incident has exposed how criminal groups can test, and sometimes overstep, even the unwritten codes of the cyber underworld. As the digital footprints of children become ever more widespread, the demand for stronger protections and greater accountability grows louder. Whether this episode will lead to lasting change remains to be seen, but for now, it has forced both the industry and the public to confront uncomfortable truths about trust, technology, and the boundaries of criminality.
