Cybercriminal group Radiant has claimed responsibility for a cyberattack on Kido International, a prominent childcare provider in London, leaking personal data of over 8,000 children. The breach, confirmed by the group on its dark web portal, includes names, photographs, home addresses, and family contact information.
The gang has already released 10 child profiles as proof and has threatened to leak data on 30 more children and 100 employees if demands are not met. The group claims it had been inside Kido’s network “for weeks,” but has not disclosed how much ransom, if any, was demanded.
Grave Threat to Child Data Privacy
This incident represents one of the most egregious breaches involving sensitive child data in the UK this year. Jonathon Ellison of the National Cyber Security Centre (NCSC) said the targeting of institutions caring for children marks a disturbing escalation in cybercrime tactics. “Cybercriminals will target anyone if they think there is money to be made,” he said.
London’s Metropolitan Police confirmed that an investigation is underway but have made no arrests yet. The case is being handled by the Met’s Cyber Crime Unit.
A Growing Pattern of Disruption
The Kido incident is the latest in a string of ransomware attacks disrupting British infrastructure. Just days ago, authorities arrested a man linked to the cyberattack on Collins Aerospace, a breach that disrupted check-in systems at Heathrow and other European airports. Similarly, a recent hack on retailer Marks & Spencer led to a significant revenue loss projection of £300 million for FY2025–26.
UK government sources are reportedly considering financial support for suppliers affected by a cyberattack-induced shutdown at Jaguar Land Rover, signalling the broader economic fallout of these targeted incidents.
Who Is Radiant?
The Radiant group, which claimed responsibility for the Kido attack, is believed to be based in Russia, although no definitive proof has been provided. The group’s tactics align with the typical ransomware playbook — infiltrating networks, exfiltrating data, and leveraging public exposure to pressure victims into paying.
Kido International, which operates 18 nurseries in Greater London, has yet to issue a public statement or respond to media inquiries.
The Bigger Picture: Ransomware as a National Threat
With cyberattacks on schools, nurseries, and major companies becoming more frequent, cybersecurity experts warn that the UK’s critical infrastructure — both public and private — is facing unprecedented risk.
As authorities race to contain the fallout and track the actors behind these breaches, the Kido International incident underscores a new and dangerous chapter in ransomware: the targeting of institutions entrusted with the care of the most vulnerable.
