Two arrested over cyber-attack on nursery chain

Child playing with building blocksImage source, Getty Images
  • Published

A 17-year-old boy and a 22-year-old man have been arrested by police investigating a cyber-attack on a chain of nurseries in London.

The Metropolitan Police say the pair were arrested at residential addresses in Bishop's Stortford, Hertfordshire, on suspicion of computer misuse and blackmail.

Hackers were said to have stolen the photographs, names and addresses of about 8,000 children from the Kido chain.

The force said it received a referral from the Action Fraud cyber crime reporting service on 25 September detailing a ransomware attack.

Those arrested remain in custody for questioning.

Will Lyne, Met's Head of Economic and Cybercrime, said: "We understand reports of this nature can cause considerable concern, especially to those parents and carers who may be worried about the impact of such an incident on them and their families.

"These arrests are a significant step forward in our investigation, but our work continues, alongside our partners, to ensure those responsible are brought to justice."

Kido did not respond to a request for comment about the way the hackers stole the data.

But a spokesperson confirmed it had "identified and responded to a cyber incident" and was "working with external specialists to investigate and determine what happened in more detail".

They added: "We swiftly informed both our families and the relevant authorities and continue to liaise closely with them."

The cyber attack on Kido's nursery was first brought to the BBC's attention on 22 September when hackers calling themselves Radiant attempted to get press attention for a data theft as part of their attempts to extort the nursery chain for around £600,000 in Bitcoin.

The BBC did not report on the breach until the hackers began posting images and profiles of some of the children on their darknet site on 25 September in what cyber experts described as a "new low" in cyber crime.

The stolen data included names, addresses and pictures of children along with contact details for parents and carers.

The hackers called parents directly about their hack to pressure Kido into paying the ransom to have the data deleted. More children's profiles were added taking the total to 20.

In an unusual move they hackers then blurred the images as they were concerned about their reputation with other hacking groups.

Then on 2 October they removed all the stolen data and pictures from their darknet site and claimed to have deleted all 8,000 children's' files. "No more remains and this can comfort parents," they said.