PARENTS have been warned that their children’s names, pictures and addresses have been stolen after hackers targeted a nursery chain.
The hackers have claimed that the attack has affected around 8,000 children from the Kido nursery chain.
1
Kido has an international network of schools including 18 sites located in or around London with other sites scattered across the US, India and China.
In addition to stealing the children’s information, the hackers also say they’ve stolen information on the children’s parents and carers and highly sensitive safeguarding notes.
The criminals themselves got in touch with the BBC about their actions and refer to themselves as Radiant.
To prove they had the data, they posted a sample on the dark web in an effort to extort money from Kido and parents who they say they’ve contacted some of them by phone.
They told the BBC that they “weren’t asking for an enormous amount” and that they “deserve some compensation for our pentest”.
This refers to a “penetration test” which is a controlled and simulated cyberattack performed by “ethical hackers” who are usually employed by organisations to test their security.
The Sun has reached out to Kido for comment.
One parent told the BBC that those who had their data stolen were “completely innocent victims”.
“They are kids – their personal details shouldn’t be worth anything,” they said.
Another family also confirmed they had been targeted by the attack but said the nursery “had handled it well”.
Graeme Stewart, a cybersecurity expert at Check Point Software said the attack marked an “absolute new low”.
He added that to target nurseries and children’s data was “indefensible” and “appalling”.
Earlier this year it was revealed that more than a third of UK schools have been hit by crippling cyber attacks with hackers demanding hefty ransoms.
The National Cyber Security Centre (NCSC) – the UK’s top authority on cyber threats – said the education sector is now one of the most targeted parts of the public sector.
While experts at cyber firm Sophos said schools are being picked because hackers see them as “frequent victims” with weak cyber defences, outdated systems and tight budgets.
Their data shows ransom demands for schools now average £5.1million, with recovery costs soaring to nearly £3million.
In one significant attack last year, ten schools in Lancashire were knocked offline after ransomware gang Rhysida crippled the Fylde Coast Academy Trust.
It’s not only educational organisations that have been targeted in recent months either.
Jaguar Land Rover was forced to halt operations this month at its factors following a cyber attack.
The shutdown is likely to significantly dent profits with bosses bracing for a £120m hit amidst its shutdowns.
The Sun also reported yesterday how a man has been arrested following an investigation into a cyber attack which caused disruption at major UK and European airports.
Airlines were forced to delay and even cancel flights after the alleged attack, causing chaos at Heathrow, Brussels and Berlin airports.
Three teenagers and a woman were also arrested in July as part of another investigation into cyber attacks targeting Marks & Spencer, Co-op and Harrods.
M&S was only able to bring back key services in August, four months after the attack.
