Hackers Breach Nursery Chain And Demand Ransom
A group of hackers targeted the Kido International nursery chain and demanded a ransom last week. The attackers threatened to release private data onto the dark web.
According to the BBC, the hackers breached the nursery’s internal system and posted 10 children’s profiles on the dark web on Thursday and 10 more last Friday. The leaked data included sensitive information such as photographs, details about household members, and birth dates and locations. Stolen records also contained families’ and employees’ names, contact details, and national insurance numbers.
British authorities and the Metropolitan Police are investigating. Kido International informed parents about the breach and said that the compromised data had been stored on Famly, a software service widely used by childcare providers and nurseries.
"This malicious attack represents a truly barbaric new low, with bad actors trying to expose our youngest children's data to make a quick buck," said Anders Laustsen, Famly Boss, to the BBC. "We have conducted a thorough investigation of the incident and can confirm that there has been no breach of Famly's security or infrastructure in any way and no other customers have been affected.”
Ciaran Martin, former head of the National Cyber Security Centre, described the situation as "absolutely horrible," but urged calm as well. "The hackers are trying to stoke up fear, and the risk of physical harm to children is extremely low," said Martin to the BBC.
Some parents told the BBC they had received "threatening" calls from hackers pressuring them to urge the nursery to pay the ransom. The BBC noted that this type of call is “extremely rare.”
The hackers contacted the BBC on Monday. "We do it for money, not for anything other than money," said one of the hackers when asked about feeling guilty for their actions. "This isn't my first time, and will not be my last time." However, they admitted that the attention has been overwhelming and claimed they would not target preschools again.
In March, a dataset containing more than 47,000 records of children with special needs was exposed online after billing invoices from a company called Encore Support Services were found in an unsecured database.
Please, comment on how to improve this article. Your feedback matters!