Parents are thought to have been contacted directly by hackers following a cyberattack on the Kido nursery chain, in which criminals claim to have stolen sensitive data about thousands of children and their families.

The attackers say they hold photographs, names, addresses, medical notes, and safeguarding information relating to around 8,000 children. They are demanding a ransom from the company, which runs 18 nurseries in the UK and several overseas, and have threatened to continue publishing data on the dark web if their demands are not met.

One parent, Stephen Gilbert, who has two children at a Kido nursery, told BBC Radio 4’s Today programme this morning that families were notified of the breach 10 days ago but “there’s been little or no update since then.”

“I didn’t think too much of it until the revelation that the details could have been put on the dark web, which is concerning and alarming to me,” he said.

“We’ve been given some indication of the data they’ve taken, which includes profile pictures from the nursery’s app, medical information, dates of birth, favourite things, parents’ contact details.”

Gilbert has not been personally contacted by the hackers. While he believes some parents in his nursery group may have been approached, he added that he “cannot confirm that.”

“It’s uncharted territory for a nursery,” he added. “This isn’t the kind of thing that normally happens. We hear about big enterprises like Jaguar Land Rover or Marks & Spencer being hit, but not a children’s nursery.”

The hacking group, calling itself Radiant, has claimed responsibility. It is thought to be a relatively new actor.

Cybersecurity experts have long warned that small and medium-sized enterprises in the education sector are prime targets, with fewer resources to defend against increasingly sophisticated attacks.

Government data supports this: the UK’s 2025 Cyber Security Breaches Survey found that 43% of businesses had suffered a breach in the past year, and the education sector is hit at even higher rates — with nearly half of primary schools and 60% of secondary schools reporting incidents.

Anne Cutler, a cybersecurity expert at Keeper Security, said the Kido breach underscores the urgent need for better awareness across the education sector.

“This case is particularly concerning because it involves one of the most sensitive categories of data – children’s personal information. Unlike a credit card, which can be cancelled, a child’s name, photograph and home address cannot be replaced. That leaves families exposed to identity theft and other risks for years to come.”

She pointed to the Harris Federation schools in London, which have in recent years been hit by ransomware attacks, as an example of the education sector’s vulnerability.

“By targeting infants and school-aged children, cybercriminals are not only exploiting organisations with fewer defences, but they are also deliberately inflicting emotional harm to strengthen their ransom demands.”

Cutler also recommended the Flex Your Cyber initiative as a practical resource. Launched by Keeper Security with backing from the National Cybersecurity Alliance, KnowBe4, and Williams Racing, the initiative offers tailored, age-appropriate educational materials for children, parents, teachers, and school administrators. 

Through its website, the campaign provides videos, interactive games, lesson plans, and practical tips for adopting better cybersecurity practices — from strong passwords and multi-factor authentication to recognising phishing attacks. 

Cutler added that the UK National Cyber Security Centre’s guidance should also be consulted by schools and families responding to such a breach, to help limit harm and reduce the risk of recurrence.
