Hackers have stolen personal information, including names, addresses, and photos of thousands of nursery children, posting the data on the darknet. Around 8,000 children’s details were compromised, prompting cyber criminals to demand a ransom from the Kido nursery chain in London, the US, and India. The hackers claim to possess information about the children’s parents and carers, including safeguarding notes, and have contacted some parents for extortion purposes. The BBC reported that the cyber criminals responsible have published details of the breach on their darknet platform.
Reportedly, a sample of the leaked data includes photos and profiles of 10 children, released by the hackers as part of their extortion scheme against the nursery chain. Law enforcement authorities advise against paying ransoms to discourage further cyber crimes.
When questioned about their actions, the hackers defended themselves, stating they were not seeking a large sum and believed they deserved compensation for their penetration testing work. Despite the term “pentest” usually referring to ethical hacking done with permission, these hackers conducted their activities without authorization from the nursery chain.
One parent, referred to as Mary, disclosed that the nursery promptly notified them of the security breach. Mary mentioned receiving an email from the hackers detailing the stolen information. She acknowledged the professionalism of the communication and praised the nursery for its handling of the situation.
The Mirror reached out to Kido for comment. The Metropolitan Police acknowledged receiving a report of a ransomware attack on a London-based organization and confirmed ongoing investigations by the Met’s Cyber Crime Unit, with no arrests made thus far.
This incident follows a series of cyber attacks on UK supermarkets, including Marks & Spencer, Co-op, Harrods, Aldi, Tesco, and Sainsbury’s, which experienced various forms of cyber threats leading to service disruptions and data compromises.
