Two 17-year-old boys were arrested on October 7, 2025, in Bishop’s Stortford, Hertfordshire, after a sweeping Metropolitan Police operation linked them to a cyber-attack on the Kido nursery chain in London. The arrests, which followed weeks of mounting anxiety among thousands of parents, mark a significant moment in an unsettling saga that exposed the vulnerabilities of even the youngest and most innocent members of society to the dark world of cybercrime.
The Kido nursery attack first came to light in late September, when a hacking group calling itself Radiant stole sensitive data from the nursery chain. According to reports from Sky News and the BBC, the breach involved the names, photographs, and addresses of approximately 8,000 children, as well as contact details for parents, carers, and staff. In a chilling escalation, the hackers began posting images and profiles of some children on their darknet site, attempting to extort a ransom of about £600,000 in Bitcoin from Kido in exchange for deleting the stolen data.
The Metropolitan Police received a referral from Action Fraud, the UK’s national cybercrime reporting center, on September 25, 2025, which set the wheels of their investigation in motion. Will Lyne, the Met’s Head of Economic and Cybercrime, emphasized the urgency and gravity of the situation: “Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible. We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families. These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice.”
For the families affected, the ordeal was deeply personal. The hackers didn’t just leak information online—they actively contacted parents using the stolen details, heightening the pressure on Kido to comply with their demands. According to The Guardian and Recorded Future News, only 20 children had their images and names published online, but the threat of further exposure loomed large. The attack provoked widespread condemnation from cybersecurity professionals, law enforcement, and the public alike. Matt Hull, a former child protection detective and now head of threat intelligence at cybersecurity firm NCC Group, called the incident “a deeply disturbing shift in criminal tactics.” He warned, “Posting profiles of children and their families as proof of the hack marks a deeply disturbing shift in criminal tactics, which goes beyond financial and operational disruption. If information such as safeguarding records and home addresses of vulnerable children are leaked it can put them and their families at serious and immediate risk.”
The outrage extended beyond law enforcement circles. Several private sector organizations, alarmed by the hackers’ willingness to target children, offered assistance to the police. At least one cybersecurity company reportedly held meetings to rework its pro bono initiatives in direct response to the Kido breach. The incident underscored a growing concern in the cyber community: that even children are now within the crosshairs of increasingly brazen digital criminals.
The hackers’ behavior was erratic and, at times, contradictory. After initially posting unblurred images and profiles of children, the group appeared to bow to mounting criticism—even from within the cybercrime community itself. They blurred the uploaded images, then, on October 2, removed all stolen data from their darknet site, claiming to have deleted all 8,000 children’s files. In a message posted online, the group stated, “No more remains and this can comfort parents.” According to the BBC, the hackers even expressed remorse, telling the outlet they were “sorry for hurting kids.”
The Kido nursery chain responded with relief to the police breakthrough. A spokesperson said, “We welcome this swift action from the Met Police and recognise this is an important milestone in the process of bringing those responsible to justice. We have cooperated throughout this process with law enforcement and the relevant authorities. We remain committed to supporting police and, importantly, families, colleagues, and the wider Kido community.”
The Met Police clarified early reports regarding the age of those arrested, confirming both suspects were 17 years old. The pair remain in custody for questioning on suspicion of computer misuse and blackmail. The force emphasized that their investigation is ongoing, with further work needed to fully understand the extent of the breach and to ensure that all those responsible are held accountable.
Experts warn that the Kido case is part of a worrying trend. While some criminal collectives claim they avoid targeting hospitals, schools, or critical infrastructure, attacks on such entities are still, unfortunately, not uncommon. The AlphV ransomware group, for instance, drew similar outrage in March 2023 when it attempted to extort a healthcare network by publishing clinical photographs of patients. As Hull noted, “By threatening to release even more profiles, family details, and employee data, the criminals are putting a spotlight on the deeply disturbing nature of ransomware tactics. But this is not the first time we’ve seen cyber attacks stoop so low, and it will be far from the last.”
The Kido hack has sparked renewed debate about the adequacy of cybersecurity protections in the education and childcare sectors. The breach exposed not only the children’s sensitive data but also information about parents, carers, and staff—raising questions about how such institutions can better safeguard the information entrusted to them. The incident also highlighted the emotional toll on families, many of whom were left feeling helpless and exposed by the hackers’ actions.
In the aftermath of the breach, some cybersecurity firms have begun re-examining their community support efforts, while law enforcement agencies are calling for greater collaboration across sectors to prevent similar incidents. The Metropolitan Police have reassured the public that they are taking the matter “extremely seriously,” and that their work is far from over.
The Kido case stands as a stark reminder of the evolving risks in our increasingly digital world. As parents, educators, and children themselves become more reliant on technology, the need for robust security—and a community-wide commitment to protecting the most vulnerable—has never been clearer.
