Two men arrested after cyber attack that saw data of 8,000 nursery children stolen

Two people have been arrested after a cyber attack on a chain of London nurseries saw the data of thousands of nursery-age children stolen.

Kido International, a nursery chain with 18 sites in London and more in the US and India, was held to ransom by hackers last month.

Hackers say they have the names, addresses and photographs of thousands of youngsters, as well as the details of their families and nursery staff.

Some profiles were posted on the hacking group’s website on the dark web, a shady corner of the internet inaccessible to most web browsers, though they were later deleted.

Two men, aged 17 and 22, were arrested today in Bishop’s Stortford, Hertfordshire, on suspicion of computer misuse and blackmail.

The pair remain in custody, the force said this evening.

M&S, Co-op, Harrods and London’s Heathrow Airport, among many others, have been targeted by cyber criminals in recent months.

Matthew Lloyd Davies, a senior cybersecurity author and researcher at the tech workplace development company, Pluralsight, said the attack against Kido was an unusual one in the hacking world.

‘Young children are rarely, if ever, targeted in cybercrime, and this attack was unique because the attackers directly pressured parents of affected children,’ Davies told Metro.

‘We have seen groups reach out to CEOs, as in the M&S case, but this is a tactic we haven’t seen at this scale before and targeting families brings a new level of concern.’

What is the hacking group behind the attack?

A relatively new hacking group called Radiant contacted the BBC, claiming responsibility for the cyber attack.

Radiant is still active, according to the ransomware group tracking service, Ransom-DB.

The group’s ‘About’ webpage said their one goal is money, writing: ‘Your company failed to secure its network and we took advantage of that. It’s purely business-based.’

But not all press is good press in the hacking world. Negative publicity can mean more attention from police, while many hackers rely on their cyber criminal peers for technical tips and advice on shady chatrooms.

This is the situation Radiant has found itself in, according to the cybersecurity firm Sophos.

Last Wednesday, a member of Radiant had an exchange on the underground cybercrime forum, the Russian Anonymous Market Place, about the backlash their ransom has received.

According to screenshots obtained by Sophos and shared with Metro, a member of Nova, a criminal group that offers a menu of hacking services, told Radiant: ‘reputation important, don’t attack child right.’

Radiant replied that they ‘have disabled any attacks relating to them, is not allowed any more’ and said: ‘Any data relating to under 19s who attended have been deleted.’

The Nova member liked Radiant’s comment and replied: ‘Respect… Good luck in your business, hop [sic] more success… Feel free to contact us if you need any help.’

Radiant responded with a ‘: )’ emoticon.

Sophos also shared a screenshot of Radiant’s leak site – a criminal bulletin board for publishing stolen information and extorting victims.

The group wrote last week: ‘Due to recent backlash, we’ve decided ALL photos from now on will be blurred, data remains.’

Rebecca Taylor, a researcher who is part of the Sophos Counter Threat Unit, told Metro that today’s arrests show that hackers aren’t as invincible as they seem.

‘Historically, most cyber attacks against businesses have been from Russian groups beyond the arm of the law,’ she said.

‘But these arrests show that law enforcement can and will take action against individuals within their jurisdiction.’

Got a story? Get in touch with our news team by emailing us at webnews@metro.co.uk. Or you can submit your videos and pictures here.

For more stories like this, check our news page.

Follow Metro.co.uk on Twitter and Facebook for the latest news updates. You can now also get Metro.co.uk articles sent straight to your device. Sign up for our daily push alerts here.