.svg)
Kido Nursery Chain Attacked as Hackers Demand Payout, Allegedly Contacting Parents Directly to Extort Money-A cyber attack of shocking depravity has targeted the Kido nursery chain, with hackers claiming to have stolen sensitive personal data, including pictures, full names, home addresses, and safeguarding notes for approximately 8,000 children.
The cyber criminals, who publicly disclosed their actions to the BBC, are demanding a ransom from the company, which operates 19 UK sites—18 in Greater London and one in Windsor—alongside nurseries in India, China, and the US.
Exploiting Vulnerability for Extortion-The hackers claim they possess extremely sensitive files, including details about the children's parents and carers, and even safeguarding notes, indicating a deep breach of the company’s internal database.
The attackers have allegedly gone a step further than typical ransomware demands by contacting some parents directly by phone in an attempt to extort money, adding a terrifying layer of personal threat to the crime.
The criminals admitted their motivation was financial, telling the BBC they "weren't asking for an enormous amount" and "deserve some compensation for our pentest"—a cynical reference to a penetration test, or simulated attack, which they now claim to have carried out.
The Scale of the Breach-The Kido nursery chain caters to children as young as six months old, and its London locations include central sites like Waterloo and Clerkenwell, as well as affluent areas such as Chiswick and Fulham, where fees can reach an estimated ÂŁ2,000 a month.
Reacting to the crime, cybersecurity expert Graeme Stewart, Head of Public Sector at Check Point Software, condemned the attack, calling it an "absolute new low."
"The use of children's images and details takes it to a shocking level," Stewart stated. "Cybercriminals are driven by money, not morals... To deliberately put children and schools in the firing line... is indefensible. Frankly, it is appalling."
The attack mirrors a familiar ransomware playbook: break in, steal data, and deploy the ransom demand. However, the targeting of a children's database has drawn widespread outrage, highlighting that no sector, no matter how sensitive, is safe from modern cybercrime.
Kido has not issued a public statement on the claims, though an employee has confirmed notification of a data breach. The incident adds to a troubling week of cyber disruption, following attacks that caused a loss of ÂŁ80 million for the Co-operative Group and forced the halt of production at Jaguar Land Rover suppliers.
