Hackers demand ransom after reported data breach at Kido nursery chain

Personal details of thousands of children have reportedly been stolen from Kido, an international nursery chain, in what appears to be a ransomware attack targeting its London-based operations.

According to the BBC, a cybercriminal gang claimed to have obtained names, photographs, and addresses of about 8,000 children enrolled at Kido’s nurseries. The hackers also alleged they had access to information about parents and carers, as well as safeguarding notes, and in some cases have directly contacted families by phone as part of their extortion efforts.

Kido, which operates 18 nurseries across London and additional sites in the United States, India, and China, has not confirmed the hackers’ claims. The company has not released a public statement and did not provide comment when approached. However, an employee at one of the nurseries told the BBC that staff had been notified of a data breach.

The Metropolitan Police confirmed it had received a referral on Thursday regarding “a ransomware attack on a London-based organisation.” A spokesperson said inquiries were ongoing through the Met’s cybercrime unit, though no arrests have been made.

The UK’s data regulator, the Information Commissioner’s Office, also acknowledged the incident. “Kido International has reported an incident to us and we are assessing the information provided,” a spokesperson said.

The breach at Kido adds to a growing list of major cyberattacks affecting UK businesses in recent months. Earlier this year, retailer Co-op disclosed an £80 million hit to profits following an attempted hack, while Jaguar Land Rover has faced significant disruptions to its production lines and sales systems after attackers penetrated its networks earlier this month.