3 hours ago
6
Cybercriminals who stole pictures and the private information of thousands of nursery children have deleted the data.
A gang calling themselves Radiant have removed details of children at the UK-based Kido nursery chain from a website it had set up to extort victims.
A cybersecurity source confirmed to the Guardian that profiles of children had been removed from the site, which has been reformatted.
A screenshot of the site, seen by the Guardian, no longer displays children’s profiles from the hack. It now displays a Kido logo with “view more” underneath it, but a cybersecurity source said the link did not work – implying that the data has been removed.
A Kido spokesperson confirmed the attackers had removed information that they had previously published.
The spokesperson said: “Throughout this incident we have followed guidance from the authorities that discourages ransom payments as they only fuel and incentivise further criminal activity. We continue to work closely with families, regulators, law enforcement and our cybersecurity experts to investigate and take active steps to confirm that the data is permanently deleted.”
The BBC first reported the deletion and quoted one of the hackers who said: “We are sorry for hurting kids.”
Hacking gangs are sensitive to negative publicity, not least because it raises their exposure to action from law enforcement and disrupts relationships within the hacking community.
Rebecca Taylor, a researcher at cybersecurity firm Sophos, said: “Even cybercriminals know some lines can’t be crossed. Radiant learned that stealing data belonging to children doesn’t just attract attention, it burns credibility. It erodes any legitimacy they claim, particularly as they appear to be a newly formed group.”
Taylor said “credibility is king” for groups demanding ransoms for stolen data because it gave them leverage in negotiations. The BBC reported that Radiant had demanded £600,000 in bitcoin from Kido to return the data but that Kido had not paid the ransom.
“Deleting the data wasn’t an act of kindness, it was damage control. This was a rare moment when morality and self-interest briefly aligned,” Taylor said.
However, the revamped Radiant leak site – the term for such portals – appears to be ready for more victims, with a search bar for finding companies that have been hacked by the group, plus details of how to contact the group via Tox, an encrypted messaging service.
Although Radiant has shown a proficient command of English in its communications, analysts believe the group could be non-western. Most ransomware groups – groups who encrypt a company’s IT files and steal data – are from states from the former Soviet Union. Radiant appears to be a new group within cybercrime circles, according to analysts.
Prior to the deletion, one woman told the BBC she had received a threatening phone call from the criminals who said they would post her child’s information online unless she put pressure on Kido to pay a ransom. Kido has nurseries on 18 sites around London and more in the US, India and China.
Radiant had claimed to have sensitive data on more than 8,000 children and their families, including accident and safeguarding reports, as well as billing information. It said all Kido nurseries in the UK were affected.
One cybercriminal told the BBC: “All child data is now being deleted. No more remains and this can comfort parents.”
