The cybercriminal group Radiant claimed to have stolen sensitive data involving approximately 8,000 children across multiple countries where the nursery chain Kido operates, including the UK, US, China, and India. They posted samples on a darknet site and issued ransom demands, threatening to release further data if Kido did not pay. The attackers escalated pressure by directly threatening parents and leaking employee data such as names, addresses, and National Insurance numbers.
Following significant public and cybersecurity community backlash, Radiant initially blurred children’s images but left data online; they shortly after took the data offline and issued an apology, claiming to have deleted all child data. Despite this, cybersecurity experts caution that data is rarely fully erasable from digital systems, meaning the information may still appear elsewhere. The group also reportedly paid an initial access broker for system access and faces likely financial losses.
Victims of the breach are advised to follow vendor guidance, change passwords, enable strong two-factor authentication with FIDO2-compliant devices, beware of phishing or fake contacts, avoid storing payment information on websites, and consider identity monitoring services. The incident underscores ongoing cybersecurity risks associated with protecting sensitive personal data from unauthorized access and exploitation.
👉 Pročitaj original: Malware Bytes
