Two Arrested Over Nursery Cyber-Attack in London (2025)

Two people have been arrested in connection with a shocking cyber-attack on a London-based nursery chain that exposed the personal data of thousands of children. The Metropolitan Police confirmed that a 17-year-old boy and a 22-year-old man were detained in Bishop’s Stortford, Hertfordshire, as part of an ongoing investigation into the breach. The incident, which targeted the Kido nursery group, has sparked outrage and concern among parents and cybersecurity experts alike, not only for the scale of the data theft but because it involved some of society’s most vulnerable individuals — young children.

The cyber-attack came to light in late September when a hacker collective calling itself “Radiant” claimed responsibility for gaining access to the personal information of more than 8,000 children enrolled in Kido nurseries across London. The stolen material reportedly included names, photographs, addresses, medical details, and staff information. To demonstrate their access, the group published profiles of ten children on a dark web leak site and demanded a £600,000 ransom in Bitcoin, threatening to release additional data if the ransom was not paid.

Kido refused to give in to the blackmail attempt. Following a wave of public outrage and intense media scrutiny, the hackers abruptly changed their stance. In an online statement, Radiant claimed they had deleted the data, saying they had “realized the moral and legal consequences” of their actions. The content that was previously available on their website was taken down, and the group declared that it would not leak further information. However, cybersecurity experts have expressed skepticism about the claim. Once data has been stolen, they warn, it can never truly be erased. Even if the information is no longer visible online, copies may still exist elsewhere or be shared privately.

The method by which the attackers gained access to Kido’s systems remains under investigation. Early reports suggested that the breach may have occurred through Famly, a third-party nursery management software that Kido uses to communicate with parents. Famly, however, has strongly denied that its systems were compromised, stating that its infrastructure remains secure and that no other clients were affected. The Metropolitan Police’s Cyber Crime Unit is continuing to investigate how the hackers infiltrated the network, while Kido has hired independent cybersecurity specialists to assess the damage and prevent future breaches. The nursery group also confirmed it is working closely with the police and the UK Information Commissioner’s Office (ICO) to notify affected families.

For many parents, the incident has been devastating. The thought that images and sensitive details of their children might be circulating online has been deeply distressing. “I felt physically sick,” said one mother whose child attends a Kido nursery in West London. “We trusted the nursery with our most precious information — pictures, notes about our child’s health — and now it’s out there somewhere.” Kido has issued an apology to parents and pledged to improve its digital security, emphasizing that protecting children’s privacy remains its highest priority.

The arrests mark a major step in a case that could reshape how institutions handle children’s data in the UK. The two suspects face charges under the Computer Misuse Act and blackmail laws — serious offences that can lead to long prison sentences if proven. Meanwhile, the Information Commissioner’s Office has launched an inquiry into the incident. Under UK data protection laws, organizations must implement robust security measures and notify affected individuals promptly in the event of a breach involving sensitive information.

Experts believe the Kido cyber-attack will likely trigger greater scrutiny of how schools, nurseries, and childcare providers manage personal data. Many of these organizations rely heavily on cloud-based systems, which can be convenient but also vulnerable if not properly secured. “Criminals are going where the data is,” one cybersecurity analyst noted. “Childcare centers hold sensitive, high-value information — it’s a wake-up call that the education and care sectors must now be treated as high-risk targets.”

Authorities have urged parents and members of the public not to attempt to access or share any leaked material, warning that doing so could amount to a criminal offence. A Metropolitan Police spokesperson said: “We’re committed to ensuring accountability and protecting the victims of this deeply troubling crime.”

As the investigation continues, Kido faces the challenge of rebuilding trust with parents and strengthening its systems to prevent another breach. For now, the arrests bring a measure of relief — but they also serve as a stark reminder of how vulnerable everyday institutions have become in an age where even nurseries are not safe from cybercriminals. The case of the “nursery cyber-attack” has become a defining moment in the conversation about digital safety, ethics, and the responsibilities of those entrusted with safeguarding children’s data.