Nursery hackers threaten to publish more children's profiles online

Hackers holding pictures and private data of thousands of nursery children and their families to ransom say they will publish more information online unless they are paid.

Criminals calling themselves Radiant hacked Kido nursery chain and posted profiles of 10 children online on Thursday.

On their website on the dark web - a part of the internet accessed using specialist software - they have shared a "Data Leakage Roadmap" saying "the next steps for us will be to release 30 more 'profiles' of each child and 100 employees' private data".

Kido has not responded to the BBC's requests for comment. But it is working with the authorities and the Met Police is investigating.

Kido told parents the breach happened when criminals accessed their data hosted by a software service called Famly.

The software is widely used by other nurseries and childcare organisations, and it says on its website it is used by more than one million "owners, managers, practitioners and families".

"This malicious attack represents a truly barbaric new low, with bad actors trying to expose our youngest children's data to make a quick buck," Famly boss Anders Laustsen told the BBC.

"We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly's security or infrastructure in any way and no other customers have been affected.

"We of course take data security and privacy extremely seriously."

The criminals' site contains a gallery of 10 children with their nursery pictures, date of births, birthplace and details - such as who they live with and contact details.

Parents have contacted the BBC concerned about the hack, with one mother receiving a threatening phone call from the criminals.

The woman, who did not want to be named, says she received a phone call from the hackers who said they would post her child's information online unless she put pressure on Kido to pay a ransom.

The mother described the call as "threatening".

Another parent, Stephen Gilbert, told the Today programme on BBC Radio 4 that someone in his parent's WhatsApp group also received a call.

"The revelation the children's details could have been put on the dark web, that's very concerning and alarming for me."

But Sean, who has a child at the Kido nursery in Tooting, contacted BBC News to say he sympathises with the staff there.

"We're in the digital age now where everything's online and I think you go into this knowing that there is a risk that at some point this could happen," he said.

"Any parents that are getting angry should probably direct their anger towards the scumbags that have actually done it.

"You only see the people that run your nursery, and all of them are great. And these poor people are the ones getting the brunt of it on the front line."

Cyber criminals have been known to make calls to victim organisations to put pressure on them to pay ransoms.

But to call individual victims is extremely rare.

In conversations through the messaging app Signal the fluent English-speaking criminals told the BBC English is not their first language and claimed they hired people to make the calls.

It's a sign of the callousness of the criminals but also a sign of desperation as it appears Kido is not complying.

Police advice is to never pay hacker ransoms as it encourages the criminal ecosystem.

The hackers first contacted the BBC about their breach on Monday.

After they published the first batch of children's' data online the BBC asked if they feel guilty about their distressing actions and the criminals said: "We do it for money, not for anything other than money."

"I'm aware we are criminals," they said.

"This isn't my first time and will not be my last time."

But they also said they would not be targeting pre-schools again as the attention has been too great.

They have since deleted their Signal account and can no longer be contacted.

Additional reporting by James Kelly and Mary Litchfield.

Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.