In a troubling development, hackers have stolen personal information, including names, addresses, and photos, of thousands of children enrolled in nurseries. The stolen data, considered highly sensitive, has been shared on the darknet. Approximately 8,000 children’s details were compromised by a cybercriminal group targeting the Kido nursery chain, which operates in London, the US, and India. The hackers are demanding a ransom from the nursery chain, claiming to possess information on the children’s parents and caregivers, including safeguarding notes. The BBC reported that the cybercriminals have contacted some parents to extort money, and details of the cyber attack have been disclosed on the darknet website of the criminal gang.
As part of their extortion scheme, the hackers have released a sample of the stolen data, featuring photos and profiles of 10 children. Law enforcement authorities are advising against paying ransoms as it could further fuel cybercrime activities.
When questioned about the morality of extorting a nursery using children’s data, the hackers defended their actions by stating that they were not seeking a large sum and felt deserving of compensation for their penetration testing efforts. However, they conducted the intrusion without authorization from the nursery chain.
One parent, identified as Mary, shared her experience with the BBC, stating that the nursery promptly informed them of the security breach. Despite the unsettling situation, Mary acknowledged the nursery’s effective handling of the incident.
In response to the incident, inquiries have been initiated by the Metropolitan Police’s Cyber Crime Unit following reports of a ransomware attack on a London-based organization. No arrests have been made yet as the investigation is in its early stages.
This breach follows a series of cyber attacks targeting UK supermarkets. Marks & Spencer, Co-op, Harrods, Aldi, Tesco, and Sainsbury’s have all faced cyber threats, leading to service disruptions and data compromises in recent months.