Hackers threaten to publish more children's profiles after nursery data breach

Ransomware group Radiant hacked the Kido nursery chain and published profiles of 10 children online on the dark web, threatening to release 30 more profiles of each child and 100 employees' private data unless paid. Police say the attack is under investigation, with the Met Police coordinating with the company. The breach appears to involve data hosted by Famly, a software service used by nurseries and childcare organisations. There is no indication that other Famly customers were affected.

BBC has reviewed what the hackers posted, including a gallery of 10 children with photos and data such as dates of birth, birthplaces, and details about who the children live with and how to contact their families. The hackers also described a so‑called 'data leakage roadmap' on the dark web, outlining steps to release additional information, including more child profiles and staff data. The post underscores the scope of the breach and the potential reach of the data.

Kido said the breach occurred after criminals accessed data stored in Famly's systems. The company says it is cooperating with authorities, and BBC has requested comment from Famly; there has been no public statement from the company to date. Famly's own site says the platform is used by more than one million owners, managers, practitioners and families. There is no indication that other Famly customers were affected at this time.

Parents contacted BBC with concerns about the breach. One mother reported receiving a threatening phone call from the hackers, who demanded pressure be applied on Kido to pay. Another parent, Stephen Gilbert, said someone in his child’s WhatsApp group also received a call, and he described the disclosure of children's details as alarming for families.

The criminals told BBC that they use the Signal messaging app to contact victims and that they hired people to make calls. They spoke fluent English but, according to BBC reporting, English is not their first language. The messages conveyed pressure to secure a ransom, and the attackers indicated they had previously conducted similar operations. They later said they would not target pre‑schools again because the attention had become too great.

Law enforcement officials have urged the public not to pay hacker ransoms, arguing that payment fuels criminal networks. The Met Police are leading the investigation, with cooperation from other agencies as needed. BBC News has contacted Famly for comment; the firm has not issued a public response about this breach.

In the broader context, data breaches involving childcare providers highlight the evolving risk of cybercrime in the consumer technology space. Famly and other software platforms used by education and care providers have become critical infrastructure, but they also present potential single points of failure if misused or inadequately protected. Authorities continue to review how the data was exposed and what steps can reduce similar risks in the future. Families affected by the incident are advised to monitor communications from the nursery and to follow guidance from the police and data-protection authorities on safeguarding personal information.

More context about the incident includes the attacker’s use of a public-facing data leak plan and a staged release schedule on the dark web. While the event raises concern about online safety for children and families, it also underscores the ongoing effort by law enforcement and cybersecurity firms to trace digital fingerprints and prevent further harm. As investigators parse server logs and communications, parents and nurseries alike are weighing steps to secure personal data and limit exposure to similar attacks.