Cliff Notes
-
Hackers have stolen personal information of over 8,000 children from a nursery chain, with plans to release data on 30 more children and 100 employees imminently.
-
Kido nurseries reported the breach, confirming affected parents have been informed and reassured about the incident.
-
Experts warn against paying the ransom, as the compromised data is unlikely to be permanently deleted and may be exploited further.
Hackers ‘behind nursery cyber attack’ tell Sky News they are releasing more data on dozens of children | UK News
.
Hackers who claimed to have stolen pictures, names and addresses of over 8,000 children in a cyber attack on a nursery chain have told Sky News they will release the profiles of more children and employees.
So far, the information released has been restricted to the personal contact details of children who attend the nurseries, as well as their parents and carers.
Radiant has told Sky News they intend to imminently release a new set of data, including the profiles of 30 more children and 100 employees.
It said the release would include the personal information of the employees including “full names, national insurance numbers, DOBs [date of births], full addresses, employment start date, email addresses and more”.
The stolen information on the children includes medical records, incident reports and the allocation of drugs and medicine given to the children.
The group claimed it typically demands around 1.5% of a company’s yearly revenue in ransom.
Sky News understands the group has not received any money from the Kido nursery group.
On Thursday, parents whose children attend a Kido nursery branch told Sky News they had received an email confirming the data incident and had been offered reassurance by the company.
An Information Commissioner’s Office spokesperson said: “Kido International has reported an incident to us and we are assessing the information provided.”
The Metropolitan Police said they “received a referral on Thursday, 25 September, following reports of a ransomware attack on a London-based organisation”.
They said enquiries are at the early stages and no arrests have been made.
Ciaran Martin, former chief of the National Cyber Security Centre, which is part of the GCHQ spy agency, told Sky News presenter Samantha Washington he believes the hackers should not pay the ransom.
“This data is not coming back. That’s the bit that isn’t reassuring. There is no way of guaranteeing the suppression of this data,” he said, adding hacking groups often sell the data on to other criminals or use it for scams or fraud.
“And when law enforcement get to this group, even if the nursery pays the ransom, they’ll find the data – they won’t delete it. They never do. So it won’t achieve anything.”
Recent high-profile victims of cyber criminals in the UK include retail giant Marks and Spencer, which lost an estimated £300m in a ransomware attack earlier this year.
Meanwhile, the government has been urged to step in this week to support suppliers affected by a cyber attack on Jaguar Land Rover, after the car-making firm was forced to halt production at the end of August.
This breaking news story is being updated and more details will be published shortly.
Please refresh the page for the fullest version.