The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries.
The 17-year-old suspects were taken into custody at their homes in Bishop’s Stortford, Hertfordshire, on suspicion of blackmail and computer misuse.
While the Met didn’t share more details on the cyberattack, the details align with a September 25 attack that targeted the systems of the Kido nursery chain in Greater London. Kido International’s nurseries and preschools are trusted by over 15,000 families across the United Kingdom, the United States, India, and China.
After breaching Kido’s systems, the cybercrime gang (known as Radiant Group) claimed they stole the sensitive data and photos of over 1,000 children, leaking the pictures and addresses for some of them on the hackers’ dark web leak site in an attempt to extort the nursery chain.
“We currently possess sensitive data on over 1000+ children (they know the exact number), along with their parents and relatives, all employees and company data,” the criminals said.
On October 2, the attackers removed the leaked files after failing to extort Kido and making threatening calls to the children’s parents.

After the attack was disclosed, Kido revealed that the stolen data of children had been hosted by a software service called Famly, which nurseries use to share information and photos with parents.
“We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly’s security or infrastructure in any way and no other customers have been affected,” Famly chief executive Anders Laustsen said. “We of course take data security and privacy extremely seriously at Famly.”
The UK NCSC Director for National Resilience, Jonathon Ellison, also published a statement describing the incident as “deeply distressing.”
“Since these attacks took place, specialist Met investigators have been working at pace to identify those responsible. We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families,” said Will Lyne, Met’s Head of Economic and Cybercrime, in a Tuesday statement.
“We want to reassure the community and anyone affected that this matter continues to be taken extremely seriously. These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice.”
These arrests come amid a growing trend of teenagers linked to high-profile cyberattacks being arrested in the UK. This year, UK police also detained multiple young suspects tied to incidents targeting companies such as M&S, Co-op, and Harrods, as well as other teenagers accused of breaching Transport for London’s systems.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy