Kido nursery cyber attack: Thousands of children's names, pictures and addresses stolen

Thousands of names, addresses and photos of nurserychildren have been stolen by hackers - with some of the higly sensitive data posted on the darknet.

The details of around 8,000 children were accessed by a gang of cyber criminals, who are using the sensitive information to demand a ransom from the Kido nursery chain - which has sites across London, the US and India. The hackers claim to hold information on the children's parents and carers, including safeguarding notes - and say they've contacted some parents to extort them. The BBC says it was contacted by the cyber criminals responsible, and that details of the online assault have been published on the gang's darknet website.

READ MORE: Co-op set to take £120million profit hit after cyber attack

READ MORE: Russia 'launches cyber attack' on NATO country plane carrying defence minister

A sample of the published data reportedly includes photos and profiles of 10 children. The hackers are said to have released the information as part of a plot to extort money from the nursery chain. Police are advising not to pay ransoms as this only encourages further cyber crime.

When the hackers were asked if they felt guilty for extorting a nursery using children's data, they said they "weren't asking for an enormous amount," and that they "deserve some compensation for our pentest." A pentest - known as a penetration test - refers to when ethical hackers are hired to assess a company's security in a controlled and professional way. But the hackers have done so without the nursery chain's permission.

One parent, who asked to be referred to as Mary, told the BBC the nursery had informed them of the incident "very quickly". Mary said her family received an email from hackers telling them what information they had stolen.

She explained: "It was all very professional and well-written, no spelling mistakes or anything like that," she said. "My partner actually works in cyber-security and we understand these things happen. But we do feel the nursery has handled it well."

The Mirror has contacted Kido for comment. The Metropolitan Police said in a statement: "Met Police received a referral on Thursday, 25 September following reports of a ransomware attack on a London-based organisation. Enquiries are ongoing and remain in the early stages within the Met’s Cyber Crime Unit. No arrests have been made."

The incident comes after a string of cyber attacks on UK supermarkets. Marks & Spencer (M&S) and Co-op experienced significant ransomware attacks in mid-April that disrupted their services and compromised some customer data. Harrods thwarted an attempted hacking, while a cyberattack on a food distributor left Aldi, Tesco, and Sainsbury's with stock issues.