Just when it seems cybercriminals cannot stoop any lower, a group proves otherwise.
According to the BBC, a hacking collective known as “Radiant” claims to have stolen sensitive information from Kido, a nursery chain operating in the UK, US, China, and India. Reports suggest that data belonging to nearly 8,000 children was exposed.
The stolen data allegedly includes names, photos, addresses, birth dates, parental information, medical records, and safeguarding notes. To demonstrate possession, the attackers published samples—profiles and photos of ten children—on a darknet site. They then issued a ransom demand, threatening to release more information if Kido refused to pay.
When questioned by the BBC, the group tried to justify their actions, saying they were entitled to compensation for their so-called “pentest.” However, legitimate penetration testing requires explicit authorization from the target organization or participation in a bug bounty program—not extortion.
Worse still, reports indicate that the hackers directly contacted some parents, pressuring them to urge the nursery to pay the ransom under threat of leaking their child’s data. If history is any guide, the next phase could involve targeting families individually, similar to the infamous breach of the Finnish psychotherapy provider Vastaamo. That case ended in bankruptcy for the clinic, devastating consequences for victims, and jail time for the attackers.
While Kido has not yet issued a public statement, the organization has contacted parents to confirm the incident and provide reassurance as the investigation continues.
How to Protect Yourself After a Data Breach
If you believe your information may have been exposed in a data breach, there are steps you can take to minimize risk:
- Follow the organization’s guidance: Each breach is unique. Check for official updates and follow recommended steps.
- Change your password immediately: Use a strong, unique password. A password manager can generate and store secure credentials.
- Enable two-factor authentication (2FA): Ideally, use FIDO2-compliant hardware keys or devices to prevent phishing-based attacks.
- Be wary of impersonation attempts: Attackers may pose as the breached organization. Always verify through official websites and alternate communication channels.
- Avoid rushing into responses: Phishing emails often use urgency to manipulate victims. Take your time before acting.
- Reconsider storing card details online: While convenient, storing payment data increases exposure if platforms are compromised.
- Set up identity monitoring: Proactive alerts can notify you if your information appears on illegal marketplaces, helping you act quickly.
🔒 At a time when attackers exploit even the most vulnerable targets, organizations must strengthen their cybersecurity posture, and families should remain vigilant about how their data is handled and protected.