Two 17-year-old boys have been arrested in connection with a cyberattack on Kido, a London-based nursery chain. The incident involved the theft and online exposure of sensitive data from approximately 8,000 children, prompting widespread concern and a swift response from the Metropolitan Police.
The arrests were made on the morning of Tuesday, October 8, during coordinated police raids at residential properties in Bishop’s Stortford, Hertfordshire. According to the Metropolitan Police, both teenagers are being held on suspicion of computer misuse and blackmail. They remain in custody as investigations continue.
The cyberattack on Kido nurseries, first reported to Action Fraud on September 25, has been described as one of the most disturbing examples of digital extortion involving children’s data.
Will Lyne, head of economic and cybercrime at the Metropolitan Police, acknowledged the gravity of the situation. “We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact on them and their families. These arrests are a significant step forward in our investigation, but our work continues,” he said.
Cyberattack on Kido Nurseries and Radiant’s Ransom Demands
The hacking group responsible for the breach identified itself as Radiant, a name that has now become central in discussions surrounding the Kido nursery cyberattack. Radiant initially demanded a ransom of £600,000 in Bitcoin in exchange for deleting the stolen data. When Kido refused to comply, the group escalated the situation by publishing personal profiles and photographs of 10 children on a darknet site. The number of profiles was later increased to 20.
In an unusual and controversial move, the hackers also contacted some of the parents directly, attempting to intensify pressure on Kido to pay for the ransom. The tactics used were condemned by cybersecurity experts, with many calling it a “new low” in the history of cybercrime due to the exploitation of minors.
The cyberattack on Kido nurseries drew wider attention on September 22 when the hackers reached out to the BBC, seemingly to gain publicity. However, the BBC withheld coverage until images of the children were publicly posted on September 25.
In a surprising turn of events, Radiant later blurred the images on their darknet site, citing reputational concerns within the hacking community. On October 2, the group claimed to have deleted all the stolen data, stating: “No more remains, and this can comfort parents.”
Kido and Famly Respond Amid Growing Public Concern
The hacking group gained access to a database hosted on the nursery management platform Famly, which Kido used to store photos, names, addresses of children, and contact information for parents and carers.
Although the data breach originated from this platform, Famly CEO Anders Laustsen clarified that their systems were not compromised. “We have conducted a thorough investigation and can confirm there has been no breach of Famly’s infrastructure. No other customers were affected,” Laustsen stated.
Kido operates 18 nurseries across London and has faced intense scrutiny since the breach. In response to the arrests, a Kido spokesperson said, “We welcome this swift action from the Met Police and recognize this is an important milestone in the process of bringing those responsible to justice. We have cooperated throughout this process with law enforcement and the relevant authorities. We remain committed to supporting police and, importantly, families, colleagues, and the wider Kido community.”
The Metropolitan Police have not confirmed whether the arrested teenagers are members of Radiant or were acting on behalf of another group. The investigation into the cyberattack on Kido nurseries remains active, with authorities urging continued vigilance among affected families.
