Two 17-year-olds have been arrested in England on suspicion of carrying out a ransomware attack against Kido, a London-based nursery chain, in a case that exposed sensitive data on roughly 8,000 children. Metropolitan Police officers detained the suspects on October 7 in Bishop’s Stortford, Hertfordshire, as part of an investigation into computer misuse and blackmail tied to the incident. The arrests follow a late-September breach in which attackers stole personal details and children’s photographs and published a small sample online while issuing extortion demands.
How the Attack Unfolded
Investigators say the breach targeted Kido’s UK operations and led to the theft of names, addresses, contact details, and images associated with thousands of children and their families. To pressure payment, the attackers released a limited set of “profiles” and threatened to leak more. The group calling itself Radiant claimed responsibility and attempted to escalate the dispute by appealing directly to parents and the media.
What Police and Regulators are Probing
The Metropolitan Police Cyber Crime Unit is examining the suspects’ roles and any links to other incidents. According to multiple reports, authorities are also exploring whether the campaign connects to separate attacks claimed by Radiant against a U.S. hospital and a British food supplier. The UK’s data protection regulator has been notified, and Kido has said it is cooperating with law enforcement while providing support to affected families.
Where the Leaked Data Stands Now
In early October, the group’s leak site appeared to remove the posted material after widespread condemnation, but investigators warn that prior exposure can still pose lasting risks. Even if files are deleted from a public portal, stolen data may persist in private caches or criminal marketplaces, leaving victims susceptible to fraud and harassment.
Why This Case is Different
Ransomware operations typically focus on businesses and governments. Targeting a childcare provider, combined with the publication of children’s photographs, marks an especially alarming escalation in tactics. The case underscores persistent gaps in third-party software configurations and identity management at small to midsize providers, where data about minors can be concentrated yet protections are uneven.
What Families and Schools Can Do Next
Parents and carers impacted by the breach should monitor credit reports where available, watch for phishing that references nursery details, and consider placing protective measures such as fraud alerts. For childcare providers and schools, immediate priorities include rotating credentials, tightening access to parent-communication platforms, implementing multi-factor authentication, and preparing clear notification and support plans for guardians.