In a disturbing cyberattack that has sent shockwaves through the U.K. and beyond, hackers have stolen and publicly leaked sensitive data—including photos, names, and medical records—of children enrolled at Kido International, a London-based chain of nursery schools. The breach, confirmed by British authorities on September 27, 2025, marks one of the most ethically alarming ransomware incidents in recent memory due to its targeting of minors.
What Happened: A Timeline of the Attack
The hacker group calling itself “Radiant” infiltrated Kido International’s systems and began posting children’s profiles on the dark web, demanding an undisclosed ransom to halt further disclosures. According to the BBC and the U.K.’s Information Commissioner’s Office (ICO), the exposed data includes:
- Photos of children
- Full names and dates of birth
- Medical and educational records
- Parent and staff contact information
At least 10 child profiles were published initially, with threats to release 30 more—plus employee data—unless the ransom is paid [[NYT]].
Scope of the Breach
Kido International operates nurseries not only across London but also in the United States and India, raising fears the breach could affect families globally. Cybersecurity firm Check Point estimates that data on approximately 8,000 individuals—including children, parents, and staff—may have been compromised [[NYT]].
| Data Type | Exposed? | Potential Risk |
|---|---|---|
| Children’s photos | ✅ Confirmed | Identity theft, online exploitation |
| Medical records | ✅ Likely | Privacy violation, insurance fraud |
| Parent contact info | ✅ Likely | Phishing, social engineering |
| Payment details | ❓ Unconfirmed | Financial fraud (if stored) |
Official Response and Investigation
The U.K.’s Information Commissioner’s Office (ICO) confirmed it is “assessing the information provided” and emphasized that “the safety and privacy of children remains paramount” [[NYT]]. Meanwhile, London’s Metropolitan Police Cybercrime Unit has launched an investigation, though no arrests have been made as of September 27.
Kido International has not issued a public statement or responded to media inquiries, leaving affected families in limbo.
Why This Attack Stands Out
While ransomware attacks on hospitals, schools, and governments are increasingly common, targeting nursery schools—and publishing children’s photos—is unprecedented in its moral severity.
“In sheer numbers, it’s not that big of an attack. The difference is that it involves children. This is a new low.”
— Graeme Stewart, Cybersecurity Expert, Check Point Software [[NYT]]
What Parents Should Do Now
If your child attends or attended a Kido nursery, experts recommend the following immediate steps:
- Monitor communications from Kido or the ICO for official breach notices.
- Freeze children’s credit (where possible) to prevent identity theft.
- Avoid clicking suspicious links—phishing scams often follow data leaks.
- Report concerns to local law enforcement and national cybercrime units.
8,000+
People potentially affected
3 Countries
U.K., U.S., India
Ongoing
Police investigation
For more on protecting children’s digital privacy, see our guide on [INTERNAL_LINK:child-data-protection].
For official U.K. guidance on data breaches, visit the Information Commissioner’s Office.
