A UK-based nursery chain, Kido, has fallen victim to a ransomware attack orchestrated by a group identifying itself as Radiant. The breach, which has sent shockwaves through communities, saw hackers publish the personal profiles of 10 children online, with threats to release more sensitive information unless a ransom is paid. This incident underscores the growing vulnerability of educational institutions to sophisticated cyberattacks and raises urgent questions about safeguarding children’s data in the digital age.
The attack, first reported on September 26, 2025, targeted Kido, a nursery chain known for its innovative approach to early childhood education. According to cybersecurity experts, Radiant exploited weaknesses in the nursery’s digital infrastructure, gaining access to sensitive records that include children’s names, ages, and other personal details. The hackers’ decision to publicize a sample of the stolen data has sparked widespread concern among parents, educators, and policymakers, highlighting the ethical depravity of targeting institutions that serve young children.“
This is a new low for cybercriminals,” said Dr. Emily Chen, a cybersecurity researcher at the University of Oxford. “Attacking a nursery not only violates privacy but also exploits the emotional bonds of families, creating fear and uncertainty. It’s a stark reminder that no organization is immune to these threats, no matter how seemingly benign its mission.”
Kido’s leadership swiftly notified affected families and is working with law enforcement and cybersecurity firms to contain the breach. In a statement, the nursery chain emphasized its commitment to transparency and protecting its community. “We are devastated by this violation of trust and are taking every possible measure to secure our systems and support those impacted,” said Anushka Patel, Kido’s chief executive. The organization has also engaged forensic analysts to trace the attack’s origins and prevent further leaks.
The Radiant group’s tactics align with a broader surge in ransomware attacks, which have increasingly targeted vulnerable sectors like education and healthcare. According to a 2025 report from the cybersecurity firm Tozali, ransomware attacks are projected to cost organizations globally $10.5 trillion this year, with hackers leveraging advanced tools like AI-driven malware to exploit system weaknesses. Educational institutions, often underfunded in cybersecurity, are particularly at risk.
For parents like Sarah Thompson, whose four-year-old attends a Kido nursery, the breach feels deeply personal. “It’s terrifying to think that someone could have my child’s information,” she said. “We trust these institutions to keep our kids safe, not just physically but online, too. This feels like a betrayal, even if it’s not entirely their fault.”
The incident has reignited debates over data protection regulations and the responsibilities of organizations handling sensitive information. In the UK, the Data Protection Act 2018 mandates stringent safeguards for personal data, particularly for children. However, experts argue that many institutions lack the resources or expertise to comply fully. “Smaller organizations like nurseries often don’t have the budget for robust cybersecurity,” noted Dr. Chen. “This creates a dangerous gap that hackers are all too eager to exploit.”
The Kido breach also raises broader societal questions about the ethical boundaries of cybercrime. By targeting children’s data, Radiant has drawn condemnation from advocacy groups like the European Center for Digital Human Rights, which has called for stronger international cooperation to combat such threats. “This isn’t just a technical issue; it’s a moral one,” said Maria Gonzalez, a spokesperson for the group. “We need global standards to protect the most vulnerable among us.”
As Kido works to restore trust and secure its systems, the incident serves as a wake-up call for institutions worldwide. Cybersecurity experts urge organizations to invest in advanced detection tools, train staff to recognize phishing attempts, and adopt encryption protocols to safeguard sensitive data. For parents, the breach is a reminder to advocate for stronger digital protections at their children’s schools and nurseries.
“This attack is a symptom of a larger problem,” said Dr. Chen. “As our world becomes more connected, we must prioritize digital safety with the same urgency we apply to physical safety. The stakes are too high to do otherwise.”
