A nursery cyber-attack has exposed the personal details of thousands of children and families in what experts are calling “an absolute new low” for cyber-crime.
Hackers targeted the Kido nursery chain, which runs 18 sites in and around London as well as international locations in the US and India. The attackers claim to have stolen highly sensitive data, including children’s names, addresses, photographs and safeguarding notes, along with information about parents and carers.
Some families have already reported being contacted directly by the criminals as part of their extortion attempt. The hackers, who call themselves “Radiant,” have posted samples of the stolen information online in an effort to pressure the nursery group into paying a ransom.
Children’s Data Stolen in London Hack
The Metropolitan Police and the Information Commissioner’s Office (ICO) confirmed they were investigating and our update shows there were arrests. Cyber security experts have warned that nurseries and educational establishments are becoming attractive targets for cyber criminals seeking to exploit sensitive personal information.
Why Nurseries Are Being Targeted
While large businesses and public services often dominate the headlines, this case highlights that nurseries are far from immune. Attackers are drawn to the sector for several reasons:
- Sensitive information: Children’s data, including names, photos and safeguarding notes, is highly valuable and deeply personal.
- Operational pressure: Nurseries depend on parent trust; a data breach threatens their reputation and could force quick decisions under pressure.
- Resource constraints: Many nurseries have limited IT budgets and staff, which can leave gaps in cyber security measures.
- Multiple sites: Large chains often operate across different locations, making consistent protection harder to maintain.
The Bigger Picture: Rise in Ransomware
The nursery cyber-attack on Kido is part of a wider pattern. In recent months, ransomware has disrupted some of the UK’s most recognisable organisations, including Jaguar Land Rover, M&S and the Co-op.
According to government statistics, nearly 40% of UK businesses and charities reported a cyber breach or attack in the last 12 months. Within the education sector, attacks are becoming both more frequent and more damaging, with ransomware gangs increasingly targeting schools, trusts and childcare providers.
Criminal groups see educational institutions as vulnerable compared to other sectors. Yet the data they hold, especially on children, is among the most sensitive that can be stolen.
What Parents Can Do After a Nursery Cyber Attack
For families caught up in a nursery data breach, the situation can feel overwhelming. While nurseries and schools have a duty to respond, parents and carers can also take steps to protect themselves:
- Be alert to phishing emails and phone calls – criminals may impersonate the nursery or other organisations.
- Avoid clicking links in suspicious messages – go directly to official websites instead.
- Monitor financial accounts and credit reports – check for unusual activity.
- Report any suspected fraud to Action Fraud, the UK’s national reporting centre.
- Seek advice from the nursery – they should inform you of what has been taken and what support is available.
These steps cannot undo the breach, but they can reduce the risk of criminals exploiting stolen details further.
How Nurseries Can Strengthen Cyber Security
The National Cyber Security Centre (NCSC) provides clear guidance for organisations of all sizes, including nurseries and schools. Core steps include:
- Encrypting sensitive data so that stolen files are harder to misuse.
- Using strong identity and access controls, ensuring only authorised staff can access safeguarding records.
- Training staff to spot phishing and suspicious activity.
- Applying software updates promptly to close known vulnerabilities.
- Backing up files securely in the cloud or offline.
- Monitoring systems for unusual behaviour that may signal an attack.
Cyber security doesn’t need to be complex, but it does need to be prioritised. For nurseries and childcare providers, protecting children’s data is not just a compliance issue, it is a fundamental safeguarding responsibility.
Lessons for the Wider Education Sector
The Kido case underlines an important truth: cyber criminals will attack anyone if they believe a ransom can be paid. Schools, academies and universities should not wait until an incident forces action.
Best practice includes:
- Building cyber resilience, not just prevention. That means having a tested plan for recovery if an attack does occur.
- Engaging with specialist cyber security providers who understand the risks facing education.
- Considering sector-wide initiatives, such as Cyber Essentials certification or ISO 27001 compliance.
With parents placing enormous trust in those who educate and care for their children, educational organisations must demonstrate that they are taking every reasonable step to protect data.
Update 9th October 2025 – Arrests Made in Kido Cyber Attack Investigation
The Metropolitan Police have confirmed that two 17-year-old boys have been arrested in connection with the ransomware attack on the Kido nursery chain. The suspects were detained in Bishop’s Stortford, Hertfordshire, on suspicion of computer misuse and blackmail following a referral from Action Fraud on 25 September.
Investigators believe the attack led to the theft of sensitive data, including photographs, names and addresses of around 8,000 children. Both suspects remain in custody for questioning.
Will Lyne, Head of Economic and Cybercrime at the Met, said the arrests mark “a significant step forward” in the investigation, adding that work continues to ensure those responsible are brought to justice.
Final Word – Nursery Cyber Attack
The nursery cyber-attack on Kido is deeply distressing, not just for those directly affected but for the wider education community. It shows that no organisation is “too small” or “too local” to be targeted.
For nurseries and educational establishments, the lesson is clear: safeguarding children today means more than providing care and education, it also means protecting their digital identities.
Call us today on 0333 305 5348 or use our Contact Us page to learn more about Amicis Group’s tailored support packages and how we can support your organisation.
