For HomeFor BusinessFor Partners
Industry News Digital Privacy
3 min read

Kido Nursery Cyberattack and Children's Images Leaks Lead to Arrests in UK

Silviu STAHIE
Silviu STAHIE

October 08, 2025

Promo
Protect all your devices, without slowing them down.
Free 30-day trial
Kido Nursery Cyberattack and Children's Images Leaks Lead to Arrests in UK

Hackers breached the systems of Kido, a chain of London-based nurseries, and stole data and photographs of around 8,000 children, bringing to life the parents' worst nightmare – that of having the images of their kids out in the wild and possibly on the Dark Net.

Fortunately, police have made arrests in a case that's likely one of the most disturbing examples of cyberextortion in the past few years. We're used to witnessing extortion leveraged against companies, but nurseries represent a new low.

The Timeline of the Kido Cyber-Attack

How the Attack Unfolded

According to the Metropolitan Police, the incident was initially reported to Action Fraud on 25 September 2025, right after Kido detected a ransomware attack.

The hackers, operating under the alias Radiant, demanded a £600,000 Bitcoin ransom and threatened to publish sensitive data unless the payment was made.

Attackers don't usually make direct contact with the press and aim to maintain a low profile, but not Radiant. The criminals contacted the BBC's cybersecurity desk on 22 September as they tried to generate press attention for their demands.

Their belief was likely straightforward. Put pressure on the nurseries so that they pay.

When the company refused to comply, Radiant posted a few children's photos and personal profiles on the Dark Net, escalating pressure on parents and the organization.

What Data Was Stolen

According to Cybernews and The Guardian, the leaked materials contained photos, names, addresses, and family contact details, which prompted a nationwide investigation led by the Met's Cyber Crime Unit.

The Human Cost of a Digital Crime

A 'New Low' in Cyber Extortion

The attack sparked outrage for its unprecedented targeting, which had the opposite effect by putting immense pressure on the attackers.

The hackers blurred the leaked images and issued an apology, claiming to have deleted the data. On 2 October, they published the following statement on their leak site:

"No more remains and this can comfort parents."

It's difficult to believe cybercriminals when they promise to have deleted the stolen information. In fact, if the information is already exposed, it can circulate indefinitely in criminal markets.

Law Enforcement Response: The Met Police Steps In

The Arrests in Hertfordshire

The official Met Police press release published on 7 October 2025 announced:

"Specialist officers conducted a proactive operation at a number of residential properties in Bishop's Stortford, Hertfordshire, where two people were arrested on suspicion of computer misuse as well as blackmail."

Both suspects, aged 17, were taken into custody for questioning. The operation gathered intelligence through Action Fraud, the UK's national fraud and cybercrime reporting service.

Official Statement from the Met Police

Will Lyne, Head of Economic and Cybercrime at the Met, emphasized:

"Since these attacks took place, specialist investigators have been working at pace to identify those responsible.

We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families.

These arrests are a significant step forward, but our work continues to ensure those responsible are brought to justice."

The investigation remains ongoing.

Protecting Families from Digital Extortion

What can you do at home to protect your loved ones

Cybercriminals often exploit vulnerabilities in cloud services, supply chains, and everyday digital platforms used by families. They will likely engage in social engineering.

Protecting your data begins with a layered defense.

  • Use advanced anti-ransomware protection to block data-theft attempts in real time.
  • Back up sensitive data offline or to encrypted cloud storage.
  • Enable multi-factor authentication (MFA) on all accounts handling personal or child data.
  • Monitor the dark web for leaks related to your personal information.

Protect your household with Bitdefender Premium Security, a comprehensive solution that combines anti-ransomware protection, data breach monitoring, and dark web alerts.

FAQ: Understanding the Kido Nursery Cyber-Attack

Who carried out the Kido nursery cyber-attack?

A group identifying itself as Radiant, reportedly operated by a couple of teenagers, claimed responsibility.

What data was stolen in the attack?

Personal information of approximately 8,000 children, including photos, addresses, and contact details.

Were the hackers caught?

Yes. Two 17-year-olds have been arrested in Bishop's Stortford, Hertfordshire.

Did the hackers delete the stolen data?

Radiant claimed they deleted all files after public outrage, but authorities have not independently verified this. This crucial aspect remains to be clarified.

tags

Industry News Digital Privacy

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

How Kids Get Automatically Added Into WhatsApp Groups with Horrific Imagery Without Consent
Family Safety

How Kids Get Automatically Added Into WhatsApp Groups with Horrific Imagery Without Consent

November 24, 2025

3 min read
Scammers Exploit Hype Around Starbucks Bearista Cup to Steal Data and Money, Bitdefender Antispam Lab Warns
Scam

Scammers Exploit Hype Around Starbucks Bearista Cup to Steal Data and Money, Bitdefender Antispam Lab Warns

November 18, 2025

3 min read
Scam Alert: Fake Sephora Advent Calendar Ads and WhatsApp Messages Flood Europe in 2025
Scam

Scam Alert: Fake Sephora Advent Calendar Ads and WhatsApp Messages Flood Europe in 2025

November 17, 2025

3 min read
ClickFix Malware Chain Expands: Fake TradingView and Sora 2 Ads On Meta Now Target macOS Users
Scam

ClickFix Malware Chain Expands: Fake TradingView and Sora 2 Ads On Meta Now Target macOS Users

November 17, 2025

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Roblox Introduces Selfie-Based Age Check for Teen Users
Industry News

Roblox Introduces Selfie-Based Age Check for Teen Users
Silviu STAHIE
Silviu STAHIE

November 24, 2025

2 min read
Android ‘Quick Share’ Now Supports iOS ‘AirDrop’ – Here’s How to Use It Securely
Industry News How to

Android ‘Quick Share’ Now Supports iOS ‘AirDrop’ – Here’s How to Use It Securely
Filip TRUȚĂ
Filip TRUȚĂ

November 24, 2025

3 min read
Operation Endgame disrupts Rhadamanthys information-stealing malware
Industry News

Operation Endgame disrupts Rhadamanthys information-stealing malware
Graham CLULEY
Graham CLULEY

November 24, 2025

2 min read

Bookmarks

loader