Met Police Arrest Teenagers in Kido Nursery Ransomware Attack | eSecurity Planet

Met Police Arrest Teenagers in Kido Nursery Ransomware Attack

Two teens were arrested for a ransomware attack on Kido nurseries that exposed data from 8,000 children.

Written By
Ken Underhill
Ken Underhill
Oct 9, 2025
3 minute read
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The Metropolitan Police (Met) in the United Kingdom have arrested two 17-year-old boys in connection with a ransomware attack targeting Kido, a London-based nursery chain. 

The cyberattack compromised the sensitive data of approximately 8,000 children and their families, exposing a severe vulnerability in the education sector’s digital infrastructure.

Sensitive data of thousands of children exposed

The arrests took place on Oct. 7, 2025, in Bishop’s Stortford, Hertfordshire, following a referral to the Met Police from Action Fraud on Sept. 25. 

According to the Met’s Cyber Crime Unit, the suspects were detained on suspicion of computer misuse and blackmail. They remain in custody for questioning as part of an ongoing investigation.

The ransomware group responsible, known as Radiant, gained unauthorized access to Kido’s data through Famly, a third-party software platform widely used by childcare providers. 

The hackers stole names, home addresses, photographs, parental contact details, and confidential medical and safeguarding records. 

Experts described the breach as one of the most egregious attacks involving children’s data in recent years.

In an attempt to extort Kido, Radiant demanded a ransom of approximately £600,000 in Bitcoin. 

When the nursery chain did not comply, the hackers escalated their threats by directly contacting parents and releasing images and personal details of some children on the dark web. 

The publication of these images on Sept. 25 drew widespread condemnation and prompted immediate law enforcement action.

The response

In a post about the incident, the Met’s Head of Economic and Cybercrime, Will Lyne, stated “We understand reports of this nature can cause considerable concern, especially to those parents who may be worried about the impact of such an incident on them and their families.” 

He added that the arrests marked a significant step forward in the investigation, although efforts to bring all responsible parties to justice continue.

Interestingly, even within the cybercriminal community, Radiant’s tactics were viewed as excessive. 

Following criticism from other threat actors, the group claimed to have blurred the images and deleted all stolen data by Oct. 02, 2025. 

In a statement to BBC, a Radiant member said, “All child data is now being deleted. No more remains, and this can comfort parents.” 

While such claims remain unverifiable, cybersecurity analysts note that the incident’s rapid reversal highlights the reputational risks even criminal groups face when public outrage peaks.

Advertisement

Broader implications for cybersecurity in education

The Kido breach underscores a troubling trend: educational institutions and childcare organizations are becoming prime targets for cyberattacks. 

With limited funding for IT infrastructure and cybersecurity, nurseries, schools, and universities often rely on outdated systems or third-party vendors with inconsistent security standards.

According to cybersecurity experts, ransomware attacks on educational institutions have surged over the past few years, exploiting gaps in data protection and staff training. 

These attacks not only disrupt operations but also endanger the privacy and safety of minors—making them particularly distressing. 

The Kido incident exemplifies how vulnerabilities in shared digital platforms can have cascading consequences, affecting thousands of families at once.

In response, authorities and cybersecurity professionals are urging organizations that handle children’s data to adopt stronger encryption, routine security audits, and crisis management plans. 

As data breaches grow more sophisticated, collaboration between the public and private sectors will be crucial in safeguarding sensitive information.

Lessons from the Kido ransomware case

The arrests of two teenagers connected to the Kido ransomware attack mark an important milestone in the fight against cybercrime targeting the education sector. 

While the full extent of the damage remains under investigation, the case serves as a stark reminder of the urgent need for enhanced cybersecurity measures in environments that manage vulnerable populations. 

The Met’s swift action demonstrates the importance of cross-agency coordination and the potential for accountability, even in crimes that originate in the digital realm.

Ultimately, the Kido breach reveals not only the dangers of inadequate digital defenses but also the ethical limits that, when crossed, can elicit condemnation from all sides—including the cybercriminal world itself.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and technology leader with more than 25 years of experience in IT, cybersecurity, and risk management. His career spans network administration, incident response, penetration testing, and entrepreneurship, giving him firsthand experience helping organizations reduce risk and ensure compliance. Ken is also a former nurse and combat medic and he uses this background to break down complex cybersecurity topics into digestible content for a broad, global audience. A multi-exit cybersecurity founder, Ken has spent decades helping organizations strengthen their security posture, manage risk, and navigate complex technology challenges. His expertise includes overall cybersecurity strategy, cloud security, incident response, risk management, security awareness, and emerging threats affecting businesses. Ken is also an advisor to multiple startups on AI security and risk. In addition to his hands-on industry experience, Ken is a cybersecurity newsletter writer for TechnologyAdvice, where he covers cybersecurity news/trends and actionable best practices for business and IT professionals. Ken is also an educator with over 2 million people going through his courses over the years. He has won the Global Cybersecurity 40 under 40 (2x winner), the Cyber Champion award from Women's Society of Cyberjutsu, and the 2019 SC Media award for Outstanding Educator. Ken is also a volunteer with organizations like Minorities in Cybersecurity, Black Girls Hack, and the Whole Cyber Human Initiative, which helps veterans transition into security careers. Ken holds a Master of Science in Cybersecurity and Information Assurance from Western Governors University and a Bachelor of Science in Information Systems, with a major in Cybersecurity Management, from Strayer University. His certifications include the Certificate of Cloud Security Knowledge (CCSK), Certified Ethical Hacker (CEH), and Computer Hacking Forensic Investigator (CHFI) and he is a former adjunct professor of Digital Forensics. Ken also had a streaming cybersecurity television show from 2020-2022 that reached over 200K monthly viewers around the world. His work and expertise have been featured in Forbes, Reader's Digest, Medium, TechRepublic, Fox, NBC, CBS, Dark Reading, MSN Money, and other leading publications and media outlets, making him a trusted voice on cybersecurity, election security, and privacy.

eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.