Nursery Hit By Ransomware Attack In Major Data Breach

Kido nursery has found itself the victim of a major data breach, courtesy of a ransomware attack carried out by a group of cybercriminals, calling themselves the “Radiant Group”. The group has demanded a ransom from Kido Schools UK Limited – which is an international company with sites in London, the US, India and China.

The group has stolen names, photographs and addresses of about 8,000 children and has been threatening to steal and publish more data online unless their ransom is paid. They are said to be refraining from leaking billing information to give the nursery an opportunity to respond. A website on the dark web for the gang shows a “data leakage roadmap” – which indicates that their next step will be “to release 30 more profiles of each child” and 100 employees’ personal data.

The website also encourages any parents affected to sue the nursery – alleging that the nursery don’t care about their customer’s data and that the leak of the data is the nursery’s fault for not complying with their demands.

The decision by the group to go out of their way to specifically target children demonstrates a frightening escalation in the trend of recent cyber attacks.  Ransomware groups have been known to target organisations in the Education sector including schools given the sensitive nature of children’s data under data protection law. It has, however, been observed that hackers backtrack at the point of realising that they are compromising the data of children.

The National Cyber Security Centre has commented on the incident as follows:

“The reports of highly sensitive data being stolen in a cyber incident impacting nurseries are deeply distressing. Cyber criminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act. The NCSC has bespoke guidance to help early years settings, such as nurseries, protect themselves from attacks, as well as guidance for individuals who are concerned that their data has been affected by a breach.”

Palo Alto Networks (a cybersecurity group) has stated that breached credentials (which often means usernames, passwords and security information) may have been used to gain access to the data.

Kido is not the only company who has been compromised recently by cyber attacks. The Co-Op suffered an £80m hit to profits after a hack attempt in April, and JLR (who manufacture Land Rovers and Jaguars) have had assembly of cars on pause since the start of September, after their computer systems were subjected to cyber attacks.

This serves as an important reminder to organisations generally to ensure they have proper technical and organisational security measures in place to not only prevent but also to respond effectively to cyber attacks should they become a victim. This includes having effective data breach policies and procedures, and a focussed cyber incident response plan to include legal requirements and best practice.

Educational institutions should take particular heed of this as cybercriminals operate on financial motives and will not spare educational institutions, but in fact, oftentimes target them specifically given the sensitivity of personal data they hold.

If you’re concerned that your business may be at risk of falling victim to a data breach, our specialist data protection team can help you implement safeguards and advise on policies and procedures intended to protect you where you’re most vulnerable. Please see the Data Protection page on our website for further information as to how we can assist you.