
Met Police Arrest Teenagers in Kido Nursery Ransomware Attack

Two teens were arrested for a ransomware attack on Kido nurseries that exposed data from 8,000 children.

Written By
Ken Underhill
Oct 9, 2025

The Metropolitan Police (Met) in the United Kingdom have arrested two 17-year-old boys in connection with a ransomware attack targeting Kido, a London-based nursery chain. 

The cyberattack compromised the sensitive data of approximately 8,000 children and their families, exposing a severe vulnerability in the education sector’s digital infrastructure.

Sensitive data of thousands of children exposed

The arrests took place on Oct. 7, 2025, in Bishop’s Stortford, Hertfordshire, following a referral to the Met Police from Action Fraud on Sept. 25. 

According to the Met’s Cyber Crime Unit, the suspects were detained on suspicion of computer misuse and blackmail. They remain in custody for questioning as part of an ongoing investigation.

The ransomware group responsible, known as Radiant, gained unauthorized access to Kido’s data through Famly, a third-party software platform widely used by childcare providers. 

The hackers stole names, home addresses, photographs, parental contact details, and confidential medical and safeguarding records. 

Experts described the breach as one of the most egregious attacks involving children’s data in recent years.

In an attempt to extort Kido, Radiant demanded a ransom of approximately £600,000 in Bitcoin. 

When the nursery chain did not comply, the hackers escalated their threats by directly contacting parents and releasing images and personal details of some children on the dark web. 

The publication of these images on Sept. 25 drew widespread condemnation and prompted immediate law enforcement action.

The response

In a post about the incident, the Met’s Head of Economic and Cybercrime, Will Lyne, stated, “We understand reports of this nature can cause considerable concern, especially to those parents who may be worried about the impact of such an incident on them and their families.”

He added that the arrests marked a significant step forward in the investigation, although efforts to bring all responsible parties to justice continue.

Interestingly, even within the cybercriminal community, Radiant’s tactics were viewed as excessive. 

Following criticism from other threat actors, the group claimed to have blurred the images and deleted all stolen data by Oct. 2, 2025.

In a statement to the BBC, a Radiant member said, “All child data is now being deleted. No more remains, and this can comfort parents.”

While such claims remain unverifiable, cybersecurity analysts note that the incident’s rapid reversal highlights the reputational risks even criminal groups face when public outrage peaks.

Broader implications for cybersecurity in education

The Kido breach underscores a troubling trend: educational institutions and childcare organizations are becoming prime targets for cyberattacks. 

With limited funding for IT infrastructure and cybersecurity, nurseries, schools, and universities often rely on outdated systems or third-party vendors with inconsistent security standards.

According to cybersecurity experts, ransomware attacks on educational institutions have surged over the past few years, exploiting gaps in data protection and staff training. 

These attacks not only disrupt operations but also endanger the privacy and safety of minors—making them particularly distressing. 

The Kido incident exemplifies how vulnerabilities in shared digital platforms can have cascading consequences, affecting thousands of families at once.

In response, authorities and cybersecurity professionals are urging organizations that handle children’s data to adopt stronger encryption, routine security audits, and crisis management plans. 

As data breaches grow more sophisticated, collaboration between the public and private sectors will be crucial in safeguarding sensitive information.

Lessons from the Kido ransomware case

The arrests of two teenagers connected to the Kido ransomware attack mark an important milestone in the fight against cybercrime targeting the education sector. 

While the full extent of the damage remains under investigation, the case serves as a stark reminder of the urgent need for enhanced cybersecurity measures in environments that manage vulnerable populations. 

The Met’s swift action demonstrates the importance of cross-agency coordination and the potential for accountability, even in crimes that originate in the digital realm.

Ultimately, the Kido breach reveals not only the dangers of inadequate digital defenses but also the ethical limits that, when crossed, can elicit condemnation from all sides—including the cybercriminal world itself.


Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.


eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
