Hackers Threaten Parents: Get Nursery to Pay Ransom or We Leak Your Child’s Data

Just when it seems like extortionists can't sink any lower, a group of cybercriminals has managed to surprise us once again. According to the BBC, a group calling itself "Radiant" claims to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the UK, US, China, and India.

The data allegedly stolen by the hackers includes names, photos, addresses, dates of birth, and details about their parents or carers. The breach also reportedly exposed safeguarding notes and medical information. To make matters worse, the group has posted samples of the stolen data, including pictures and profiles of ten children on their darknet website.

The hackers have issued a ransom demand to Kido, threatening to release more sensitive data unless they are paid. In a bizarre justification for their actions, the group claims that they "deserve some compensation for our pentest" – a reference to a type of penetration testing, which is typically done with the company's permission.

However, this kind of unauthorized hacking is not only illegal but also morally reprehensible. In most jurisdictions, carrying out such a breach without permission would require explicit authorization or be part of a reputable bug bounty program.

But that's not all – the group has also contacted some of the children's parents, threatening to release their child's data unless they put pressure on Kido to pay the ransom demand. This is a chilling reminder of what can happen when cybercriminals target individuals and families.

In recent cases, such as the Finnish psychotherapy practice Vastaamo, we've seen how these types of threats can lead to devastating consequences. The clinic went bankrupt, at least one suicide was linked to the case, and the attackers were sentenced to jail time.

While Kido has not issued a public statement on the matter, it's clear that an investigation is underway to confirm the incident and reassure parents. However, for those who have been affected by data breaches, there are steps you can take to protect yourself.

Protecting Yourself After a Data Breach

If you're or suspect you may have been the victim of a data breach, there are some actions you can take:

  • Use Malwarebytes Personal Data Remover to scan and remove your personal information from the internet.
  • Monitor your credit reports and financial accounts for any suspicious activity.
  • Report the incident to relevant authorities, such as the data protection regulator in your country.

We don't just report on data privacy – we also provide you with tools and resources to help you protect yourself. Remember, cybersecurity risks should never spread beyond a headline. Stay vigilant, and let's work together to create a safer online world for everyone.