Tag Archives: Kido

Kido Nursery Hackers Claim to Have Removed Stolen Data | Cybercrime

Posted on by
Reply

Cybercriminals who compromised the personal information and photos of thousands of nursery children have since removed the data following a public outcry.

The group responsible for the breach has erased details of children from the UK-based Kido nursery network.

Screenshots reviewed by the Guardian show that the child’s profile from the breach is no longer visible. Currently, the Kido logo is displayed with “More” under “More,” but sources in cybersecurity report that the link is non-functional, indicating that the data has been removed.

A spokesperson for Kido confirmed that the attacker had indeed deleted the previously exposed information.

The spokesman stated: “We are adhering to guidance from authorities regarding ransom payments to prevent incentivizing further criminal activities. We are collaborating closely with families, regulatory bodies, law enforcement, and cybersecurity experts to ensure our data is permanently removed.”

The BBC first reported on the data deletion and mentioned a hacker who expressed remorse, stating, “I’m sorry for hurting the child.”

Targeting children has drawn widespread condemnation, with cybersecurity experts labeling the breach as “crossing a line” and “testing ethical boundaries.” A parent of a child at Kido in London remarked that the hackers were “sinking to new lows.”

The Guardian has also found indications of notorious gang members in underground cybercrime forums being advised by their peers to avoid attacking minors.

On Wednesday, members of Nova, a faction that offers hacking services to other criminals, cautioned a persona named Radiant on an anonymous Russian forum, saying, “reputation matters, so do not target children.” Radiant responded, “We have not been allowed to cease any operations concerning them,” adding, “data of those under 19 who attended has been deleted.”

The leak site and forum posts were documented by analysts at the cybersecurity firm Sophos.

Hacking teams are acutely aware of the impact of negative publicity, which can lead to increased scrutiny from law enforcement and disrupt internal relationships within the hacking community.

Sophos researcher Rebecca Taylor noted: “Even criminals understand that there are lines they shouldn’t cross. We have discovered that stealing data from minors not only draws attention but also damages credibility.”

Taylor emphasized, “credibility is crucial” for groups that demand ransoms for stolen information. The BBC reported that Radiant had sought £600,000 in Bitcoin from Kido for the return of the data, but Kido refused to comply.

“The deletion of data was not an act of benevolence, but rather a move for damage control. This was an unusual instance where morality and self-interest briefly aligned,” Taylor remarked.

However, the revamped Radiant Leak site, a portal for such data, appears to be more user-friendly, featuring a search bar to locate companies targeted by the group and contact information through TOX, an encrypted messaging platform.

Radiant demonstrates proficient English in communication, but analysts suspect this group may not be Western-based. Most ransomware groups originate from former Soviet states. Analysts believe that Radiant may represent a new entity in the cybercrime landscape.

Before the data was deleted, one woman informed the BBC that she received a threatening call from a hacker who claimed they would publish information about her child online unless she pressured her child to comply with ransom demands. Kido operates 18 locations in London, along with nurseries in the US, India, and China.

Radiant boasted about having sensitive information on over 8,000 children and their families, including incident reports, protection records, and billing information. All Kido nursery locations in the UK reported being affected by the breach.

One cybercriminal told the BBC: “All child data has been removed. There is nothing left, and this should reassure parents.”

Source: www.theguardian.com

Kido Nursery Hackers Threaten to Release Additional Children’s Profiles | Cybercrime Update

Posted on by
Reply

A hacker threatens to release personal information and photographs of thousands of nursery children online unless a ransom is paid.

Identified by the alias Shine, the hacker compromised the UK-based Kido Nursery chain and revealed the profiles of 10 children online on Thursday. Their Dark Web site features a “Data Leak Roadmap,” indicating plans to “publish 30 profiles of personal data for each child and 100 employees.”

A cybersecurity briefing reviewed by the Guardian suggests that Radiant is a new entity within the cybercrime landscape, “pushing the limits of morality and practicality.”

The group’s online content demonstrates proficient English skills; however, there are hints they may not be Western, attributed to a “slight awkwardness” in their phrasing, the analysis indicates.

The Radiant Gang’s “leak sites”—a common strategy in ransomware attacks displaying victim data on the dark web—contain 10 Kido customer profiles for parents, which include the child’s name, date of birth, parent’s and grandparent’s names, as well as address and phone number.

The site claims to possess sensitive information on over 8,000 children and their families, documenting incidents, protection reports, and claims. All Kido nurseries in the UK have reported being impacted.

The leak site mentioned its efforts to negotiate with Kido, stating, “It’s slowly leaking, which undermines the entire company and prompts them to continue the dialogue.”

A spokesperson from Kido stated: “We have recently identified and responded to cyber incidents. We are collaborating with external experts to investigate and determine the details of what occurred. We will promptly inform both our families and relevant authorities and maintain close communication with them.”

The nursery chain is collaborating with authorities, including the intelligence committee’s office, Ofsted, and the Metropolitan Police, which is currently conducting an investigation.

An email from Kido UK CEO Catherine Stoneman, reviewed by the Guardian, noted a “complex” forensic investigation and emphasized treating the incident as a “first priority.” She suggested that the breach involved “two third-party systems responsible for processing certain data.”

Stoneman elaborated: “If we confirm that family information has been compromised, affected families have been contacted. If you have not received direct communication, that means there is no forensic evidence indicating your data has been impacted.”

With 18 locations across London, the US, India, and China, Kido informed parents that the breach occurred due to criminal access to data hosted on a software service known as Famly.

Famly’s CEO, Anders Laustsen, stated: “We will conduct a comprehensive investigation into this matter to ensure that Famly’s security and infrastructure have not been compromised.

One parent shared with the BBC that she received a threatening phone call from a hacker.

Sean, whose child attends Kido Nursery in Tooting, southwest London, expressed that neither he nor any parents he knew had been directly informed by the nursery about the potential compromise of their children’s data. “How could they obtain details for specific kids, not just generally? That’s the real issue,” he remarked.

Sean noted that he viewed the risk of real-time information regarding children—such as through cyberattacks—as a necessary trade-off for using the app. He empathized with nursery staff who bear the brunt of parental complaints, pointing out that the app provider should be held accountable.

“One of the obviously alarming aspects is that anyone could stoop to such depths to extort money from a nursery while using children as leverage,” he said.

Authorities are cautioning businesses against paying hacker ransoms to help prevent the perpetuation of criminal activities, as cyberattacks continue to escalate in frequency.

Recent high-profile victims include Co-ops, Marks & Spencer, and Jaguar Land Rover. Many of these attacks have been linked to an English-speaking cybercrime group known as “scattered spiders.”

The M&S hack utilized ransomware commonly associated with Russian-speaking cyber gangs, including software designed to lock target IT systems.

The BBC communicated with criminals via the Signal messaging app, found them fluent in English but learned that it wasn’t their primary language, and they employed others for calls.

The hacker remarked, “We do it for profit, not just for the sake of being criminals. I know I’m committing crimes and this isn’t my first or my last.”

They added that the public scrutiny was too intense, leading them to refrain from targeting nurseries again.

Source: www.theguardian.com

Hackers Allegedly Breach Kido Nursery Chain, Exposing Photos of 8,000 Children

Posted on by
Reply

Approximately 8,000 names, photos, and addresses of children were allegedly taken from the Kido Nursery chain by a group of cybercriminals.

According to the BBC, these criminals are demanding ransoms from companies operating 18 sites in London, as well as additional locations in the US, India, and China.

The hackers also accessed details about the children’s parents and caregivers, claiming they were securing notes. They reached out to several individuals by phone, employing tactics associated with the Frightor.


Kido has been approached for comment but has yet to confirm the hackers’ assertions. The company has not released an official statement regarding the incident.

A nursery employee informed the BBC that she had been made aware of the data breach.

The Metropolitan Police indicated that they were alerted on Thursday “following reports of ransomware attacks on a London-based organization,” adding that “enquiries are ongoing and remain in the initial phase within Met’s cybercrime division. No arrests have been made to date.”

A spokesperson for the Intelligence Committee office stated that “Kido International has reported the incident to us and we are currently assessing the provided information.”

Many organizations have experienced cyberattacks recently. The Cooperative reported a £80 million decline in profits due to a hacking incident in April.

Skip past newsletter promotions

Jaguar Land Rover (JLR) was unable to assemble vehicles at the start of the month following a cyberattack that compromised their computer systems.

As a result, the company had to shut down most systems used for tracking factory components, vehicles, and tools, impacting their luxury Range Rover, Discovery, and Defender SUV sales.

The company has since reopened a limited number of computer systems.

Quick Guide

Please contact Guardian Business about this story

The best public interest journalism depends on firsthand accounts from informed individuals.

If you have any insights on this topic, confidentially reach out to the business team through the following means:

Secure Messages in Guardian App

The Guardian app features a tool for sending tips about stories. All messages are encrypted and embedded within routine uses of the Guardian app, ensuring no one can detect your communication with us.

If you haven’t installed the Guardian app yet, download it (iOS/Android), navigate to the menu, scroll down, and click Secure Messaging. Choose Guardian Business when prompted about whom you wish to contact.

SecureDrop, Instant Messenger, Email, Phone, and Mail

If you can safely access the TOR network without being detected, you can send messages and documents to the Guardian through our SecureDrop platform.

Lastly, our guide at theguardian.com/tips provides various secure communication methods while discussing their respective advantages and disadvantages.


Illustration: Guardian Design / Rich Cousins

Thank you for your feedback.


Source: www.theguardian.com