Hackers Behind Kido Nursery Data Breach Delete Stolen Information After Public Outcry
The UK is reeling from one of the most shocking cyberattacks to target children’s personal data, but there may finally be a glimmer of relief. Hackers who stole the personal details of more than 8,000 children enrolled in the Kido nursery chain — including names, home addresses, and even photographs — have reportedly removed the stolen information from the dark web and claim they have deleted it permanently.
According to reports, the cybercriminals, who call themselves “Radiant,” initially demanded a ransom of approximately £600,000 ($809,700) to stop the data from being leaked. They even went so far as to contact parents directly, calling families by phone in an attempt to pressure them into paying the ransom.
But in a surprising reversal, the hackers appear to have backtracked. The stolen data, once published on dark web forums, has been taken down, and the group now insists they have destroyed all copies. While security experts caution that such claims cannot easily be verified, the decision comes after intense public backlash and widespread anger over the targeting of children.
A Disturbing Breach of Trust
The incident began last week when news broke that Kido nurseries, which operate multiple early childhood centers in the UK and internationally, had suffered a serious cyberattack. Hackers infiltrated the company’s systems, stealing thousands of sensitive records belonging to young children and their families.
The stolen data included:
-
Full names of children
-
Photographs
-
Residential addresses
-
Other personal identifiers
This type of information, when exposed online, carries serious risks. Not only can it be exploited for identity theft, but in the case of children, it raises profound concerns about safety, privacy, and long-term exposure to digital threats.
The UK’s National Cyber Security Centre (NCSC) quickly condemned the incident, calling it “deeply distressing.” Security officials warned parents to remain cautious about potential scams or further contact attempts by cybercriminals, even after the hackers’ apparent retreat.
Hackers Claim Regret
In an unexpected twist, the group known as Radiant appeared to express remorse. In a direct message to the BBC, one of the hackers allegedly said, “We are sorry for hurting kids.” The group insisted that no ransom had been paid and that their decision to delete the stolen information was voluntary.
Whether this was motivated by genuine regret, public pressure, or a failed extortion attempt remains unclear. Cybersecurity experts point out that hackers often make such claims to divert attention or rebuild their reputation in underground networks.
Nevertheless, the fact that the stolen records have been removed from the dark web is a small comfort to parents who spent the past week fearing for their children’s safety.
Parents Targeted Directly
Perhaps the most disturbing element of this cyberattack was the direct contact made with families. According to reports, parents received phone calls from individuals linked to Radiant, demanding ransom payments in exchange for keeping their child’s information safe.
This approach amplified the emotional impact of the breach, turning what could have been a typical ransomware case into a deeply personal violation. Many parents described the experience as “terrifying” and “sickening,” as the safety of their children appeared to be leveraged for financial gain.
One parent told local media that the calls felt like “digital kidnapping” — the equivalent of holding children hostage online.
No Ransom Paid
Investigators and media outlets have reported that Radiant did not receive any money from Kido nurseries or from parents. This may explain why the hackers chose to pull back, realizing their extortion attempt had failed in the face of intense public scrutiny and law enforcement interest.
Cybersecurity experts say refusing to pay ransoms is critical to discouraging future attacks. While painful for victims in the short term, payment can embolden hackers to strike again, creating a cycle of dependency and reward.
Kido Nursery Response and Security Concerns
Kido nurseries has not issued a detailed public statement beyond acknowledging the attack, and CNN confirmed that the company has not yet responded to requests for comment.
On its website, Kido describes itself as a global network of early childhood education centers, “owned and operated by parents from around the world.” It emphasizes its mission to bring together best practices in early years education to provide children with a high-quality preschool experience.
This reputation now faces its most serious test, as the company must reassure parents about its ability to protect sensitive data and prevent further breaches. Experts say Kido will likely need to conduct a full cybersecurity overhaul, including:
-
Stronger data encryption
-
Improved employee training on phishing and social engineering
-
Regular security audits
-
Transparent communication with parents about safeguards
A Wake-Up Call for Child-Centered Institutions
The Kido breach underscores a troubling trend: cybercriminals are increasingly targeting schools, nurseries, and healthcare providers. These organizations often handle extremely sensitive personal data but may lack the same level of cybersecurity defenses as large corporations or government agencies.
Targeting children makes such attacks even more alarming. Experts warn that identity theft involving minors can remain undetected for years, only surfacing when the child grows older and applies for credit, housing, or education.
For parents, the breach is a painful reminder of the risks that come with digital data collection. While preschools and nurseries have valid reasons to store personal details, the balance between convenience and security has rarely felt so precarious.
What Happens Next?
Authorities in the UK are continuing to investigate the breach, though tracing hackers who operate on the dark web remains notoriously difficult. Cybercrime groups often operate across multiple countries, masking their identities through layers of encryption and anonymizing tools.
For now, the focus is on ensuring that no copies of the stolen data resurface. While Radiant claims to have deleted the files, cybersecurity experts caution that once data has been stolen, it can never truly be considered safe again.
The NCSC continues to work with Kido nurseries, advising them on security improvements and urging parents to remain vigilant. Families have also been advised to:
-
Monitor for unusual activity involving their children’s details
-
Be alert to scam emails, texts, or calls
-
Report suspicious activity to the authorities
Conclusion
The Kido nursery cyberattack has been one of the most unsettling data breaches in recent memory, not only for its scale but for its human impact. More than 8,000 children and their families were caught up in a nightmare that combined extortion, public exposure, and fear for personal safety.
While the hackers’ decision to delete the data provides some relief, the breach raises serious questions about how childcare institutions handle sensitive information. It also highlights the need for stronger global action against cybercriminal groups who show little regard for the most vulnerable members of society.
In the end, parents across the UK are left with lingering unease. For them, the scars of this attack won’t fade quickly — and the demand for stronger digital protections for children has never been more urgent.