Kido, a UK-based nursery business, was targeted by a hacking group named Radiant, which gained unauthorized access to the company’s systems after an initial access broker sold the entry point. The attackers published children’s personal data online, including sensitive profiles, sparking public outrage. While the hackers later deleted the stolen data following backlash, the breach exposed highly vulnerable information—children’s details—posing risks of identity theft, fraud, or further exploitation. The attack was opportunistic, leveraging common cybercrime tactics like phishing or credential theft, rather than a targeted campaign. The incident underscores the education sector’s vulnerability, particularly in organizations handling sensitive data with limited cybersecurity resources. The UK government’s broader data reveals that nine out of 10 higher education institutions and a majority of schools face similar threats, with ransomware and data breaches becoming systemic risks. Kido’s case highlights the reputational damage, emotional distress to families, and potential long-term trust erosion in institutional data protection.

The UK-based nursery chain Kido suffered a severe data breach executed by the hacker group Radiant, which stole sensitive personal data of over 8,000 children and their families, including names, birth dates, addresses, phone numbers, accident reports, safeguarding records, and billing information. The attackers leaked 10 children’s full profiles on the dark web and threatened to release dozens more child profiles and 100 employee records unless a ransom was paid. The breach originated from two third-party systems, though one vendor, Famly, denied any compromise in its infrastructure. Radiant warned Kido of staged data leaks to 'ruin their entire company' if demands were unmet. Parents reported receiving direct extortion calls, escalating fears. The incident involved highly sensitive child data, making it one of the most morally contentious cyberattacks targeting educational institutions. Authorities, including the ICO, Ofsted, and Metropolitan Police, are investigating, while Kido collaborates with forensic experts to mitigate the fallout.