Cybercriminals who compromised the personal information and photos of thousands of nursery children have since removed the data following a public outcry.

The group responsible for the breach has erased details of children from the UK-based Kido nursery network.

Screenshots reviewed by the Guardian show that the child’s profile from the breach is no longer visible. Currently, the Kido logo is displayed with “More” under “More,” but sources in cybersecurity report that the link is non-functional, indicating that the data has been removed.

A spokesperson for Kido confirmed that the attacker had indeed deleted the previously exposed information.

The spokesman stated: “We are adhering to guidance from authorities regarding ransom payments to prevent incentivizing further criminal activities. We are collaborating closely with families, regulatory bodies, law enforcement, and cybersecurity experts to ensure our data is permanently removed.”

The BBC first reported on the data deletion and mentioned a hacker who expressed remorse, stating, “I’m sorry for hurting the child.”

Targeting children has drawn widespread condemnation, with cybersecurity experts labeling the breach as “crossing a line” and “testing ethical boundaries.” A parent of a child at Kido in London remarked that the hackers were “sinking to new lows.”

The Guardian has also found indications of notorious gang members in underground cybercrime forums being advised by their peers to avoid attacking minors.

On Wednesday, members of Nova, a faction that offers hacking services to other criminals, cautioned a persona named Radiant on an anonymous Russian forum, saying, “reputation matters, so do not target children.” Radiant responded, “We have not been allowed to cease any operations concerning them,” adding, “data of those under 19 who attended has been deleted.”

The leak site and forum posts were documented by analysts at the cybersecurity firm Sophos.

Hacking teams are acutely aware of the impact of negative publicity, which can lead to increased scrutiny from law enforcement and disrupt internal relationships within the hacking community.

Sophos researcher Rebecca Taylor noted: “Even criminals understand that there are lines they shouldn’t cross. We have discovered that stealing data from minors not only draws attention but also damages credibility.”

Taylor emphasized, “credibility is crucial” for groups that demand ransoms for stolen information. The BBC reported that Radiant had sought £600,000 in Bitcoin from Kido for the return of the data, but Kido refused to comply.

“The deletion of data was not an act of benevolence, but rather a move for damage control. This was an unusual instance where morality and self-interest briefly aligned,” Taylor remarked.

However, the revamped Radiant Leak site, a portal for such data, appears to be more user-friendly, featuring a search bar to locate companies targeted by the group and contact information through TOX, an encrypted messaging platform.

Radiant demonstrates proficient English in communication, but analysts suspect this group may not be Western-based. Most ransomware groups originate from former Soviet states. Analysts believe that Radiant may represent a new entity in the cybercrime landscape.

Before the data was deleted, one woman informed the BBC that she received a threatening call from a hacker who claimed they would publish information about her child online unless she pressured her child to comply with ransom demands. Kido operates 18 locations in London, along with nurseries in the US, India, and China.

Radiant boasted about having sensitive information on over 8,000 children and their families, including incident reports, protection records, and billing information. All Kido nursery locations in the UK reported being affected by the breach.

One cybercriminal told the BBC: “All child data has been removed. There is nothing left, and this should reassure parents.”