Worst people alive hack nursery chain and start posting pictures and personal info of literal toddlers on the dark web

A toddler's hands play with some wooden blocks.

(Image credit: Mrs via Getty Images)

A hacking group calling itself Radiant has compromised a UK nursery chain called Kido, and is threatening to release the data it accessed unless a ransom is paid (first reported by the BBC). On Thursday it posted the profiles of 10 children on a dark web page alongside a "Data Leakage Roadmap" threatening that their next action would be to "release 30 more 'profiles' of each child and 100 employees' private data."

The London Metropolitan Police is investigating. Kido's data was accessed through a breach of another software company, Famly, which is primarily used by childcare organisations.

"This malicious attack represents a truly barbaric new low, with bad actors trying to expose our youngest children's data to make a quick buck," said Famly boss Anders Laustsen.

The data posted of the 10 children includes names, photographs, their birthdate, birthplace, gender, carer information, and contact details. Astonishingly, Radiant has managed to plumb the depths even further than this: one mother received a phone call she described as "threatening," and was told her child's information would be posted unless she pressured Kido to pay the ransom.

"We're in the digital age now where everything's online and I think you go into this knowing that there is a risk that at some point this could happen," said Sean, who has a child at a Kido nursery.

"Any parents that are getting angry should probably direct their anger towards the scumbags that have actually done it. You only see the people that run your nursery, and all of them are great. And these poor people are the ones getting the brunt of it on the front line."

Person typing on a laptop with red and blue lighting — (Image credit: Westend61)

The BBC managed to contact Radiant through a now-deleted Signal profile. The group said it had hired other people to make the calls. Asked if they feel any guilt about their actions, they responded:

"We do it for money, not for anything other than money. I'm aware we are criminals. This isn't my first time and will not be my last time."

Well, let's hope that the Met can do something about ensuring it is this person's last time. We're all used to cyber attacks in the news, and this certainly isn't the first time a group of criminals has chosen a morally bankrupt target. But doxxing nursery-age children? Even other cyber criminals must feel that such depravity is giving them a bad name.

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.