Threat Summary
Category: Cybersecurity — Child Data Breach
Features: Stolen photos and records of minors, ransom demand, direct extortion calls, family childcare software compromise
Delivery Method: Hijacked credentials via initial access broker → data exfiltration → ransom and extortion campaign
Threat Actor: “Radiant” (new extortion group, attribution unverified)
A cyberattack on the UK nursery chain Kido has spiraled into one of the most disturbing breaches in recent memory, exposing photos and personal data of nearly 8,000 children. The malicious campaign, led by a group calling itself Radiant, posted the stolen material to an underground forum, sparking immediate outrage as images of children — at first unblurred — circulated online.
The attackers demanded a £100,000 ransom in bitcoin, threatening escalation if their demands were not met. In a chilling development, some parents even reported receiving direct phone calls from the hackers, with explicit threats made against them and their children.
A Rare “Retraction”
Amid growing backlash, Radiant partially blurred the images, then removed them altogether, issuing what they framed as an “apology.” Such backtracking is nearly unheard of in the cybercrime ecosystem. Analysts caution that the reversal likely had less to do with remorse and more with the group’s miscalculation of public reaction. By crossing into the highly sensitive domain of children’s photos, Radiant may have unintentionally triggered attention from law enforcement and intelligence services that normally take longer to mobilize against financially motivated actors.
The group’s ransom attempt ultimately failed: according to the BBC, Kido refused to pay the £100,000 demand. This, rather than any moral awakening, may explain why the stolen data was pulled offline.
Initial Access and Exploitation
The attackers claim they purchased stolen credentials via an initial access broker (IAB), a growing gray market where hijacked logins to corporate and SaaS platforms are sold to the highest bidder. Using those credentials, they allegedly breached Kido’s account with Famly, a family childcare management software provider.
Famly has disputed parts of this narrative. Reports indicate the company rejected Kido’s request to directly message parents through its system to warn them of the compromise — a controversial decision given the direct threats parents later received.
Why Retractions Are Rare
Radiant’s retreat stands out precisely because cybercriminals almost never follow through on promises to delete stolen data. Even in cases where ransom is paid, breaches often linger:
- LockBit / London Drugs (2024): Despite ransom payments, LockBit failed to delete stolen data from the Canadian retail chain, with records later surfacing on secondary markets.
- Clop / MOVEit Campaign (2023): Data was often duplicated, traded, or leaked further, regardless of negotiations.
That precedent makes it highly uncertain whether Radiant truly deleted the Kido data. Families and schools cannot safely assume the records are gone — the risk remains that backups exist, copies have been distributed, or data will resurface later on darknet forums.
The Bigger Picture
The Kido breach highlights a disturbing escalation in ransomware and extortion tactics: direct threats to parents using stolen child data. While healthcare and education have long been targeted for their sensitive information, crossing into the exploitation of children’s images pushes the boundaries of cybercrime into new territory.
The outrage Radiant faced also demonstrates the potential for public backlash to become a form of deterrence. By targeting children, the group alienated even segments of the cybercriminal underground that typically turn a blind eye to ransomware campaigns. This rare moment of hacker retreat underscores how certain targets — schools, hospitals, nurseries — carry both technical and societal tripwires.
But the larger concern remains: once such data is stolen, there is no way to guarantee deletion. Parents may face years of anxiety, unsure whether their children’s photos and personal information will reappear in other criminal marketplaces.
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 1 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed.
🔥 Kindle Edition 👉 https://a.co/d/9EoGKzh
🔥 Paperback 👉 https://a.co/d/9EoGKzh
🔥 Hardcover Edition 👉 https://a.co/d/0ITmDIB
🔥 NOW AVAILABLE! 🔥
📖 INK & FIRE: BOOK 2 📖
A bold and unapologetic collection of poetry that ignites the soul. Ink & Fire dives deep into raw emotions, truth, and the human experience—unfiltered and untamed just like the first one.
🔥 Kindle Edition 👉 https://a.co/d/1xlx7J2
🔥 Paperback 👉 https://a.co/d/a7vFHN6
🔥 Hardcover Edition 👉 https://a.co/d/efhu1ON
Get your copy today and experience poetry like never before. #InkAndFire #PoetryUnleashed #FuelTheFire
🚨 NOW AVAILABLE! 🚨
📖 THE INEVITABLE: THE DAWN OF A NEW ERA 📖
A powerful, eye-opening read that challenges the status quo and explores the future unfolding before us. Dive into a journey of truth, change, and the forces shaping our world.
🔥 Kindle Edition 👉 https://a.co/d/0FzX6MH
🔥 Paperback 👉 https://a.co/d/2IsxLof
🔥 Hardcover Edition 👉 https://a.co/d/bz01raP
Get your copy today and be part of the new era. #TheInevitable #TruthUnveiled #NewEra
🚀 NOW AVAILABLE! 🚀
📖 THE FORGOTTEN OUTPOST 📖
The Cold War Moon Base They Swore Never Existed
What if the moon landing was just the cover story?
Dive into the boldest investigation The Realist Juggernaut has ever published—featuring declassified files, ghost missions, whistleblower testimony, and black-budget secrets buried in lunar dust.
🔥 Kindle Edition 👉 https://a.co/d/2Mu03Iu
🛸 Paperback Coming Soon
Discover the base they never wanted you to find. TheForgottenOutpost #RealistJuggernaut #MoonBaseTruth #ColdWarSecrets #Declassified
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
I have been working in nurseries, or as they call them here, Early Years Units, but now I will be looking out for this when I do work in one.
Thank you very much, Michael — that’s good awareness. Working in nurseries and Early Years Units puts you right at the point where this kind of breach matters most. The more staff keep an eye out, the harder it is for criminals to exploit trust in these systems. I really appreciate your perspective, Michael, and I hope you have a great day. 😎
This is the first story of its kind that I’ve seen here, John. It is great when the public causes enough outrage to make a good difference. They can lessen the sentence when and if they catch these guys.
Thank you for the post!
You’re very welcome, Chris — and you’re right, this one is rare. Public outrage doesn’t usually sway cybercriminals, but in this case it forced a retreat, showing just how far they crossed the line by targeting children. You make a strong point too — if they’re caught, sentencing could take that backtrack into account, but it won’t erase the harm or the fear they caused. Thank you very much, Chris — I always appreciate your sharp perspective. I hope you have a great night and a blessed day ahead. 🙏😎
You’re welcome, John, and thank you for the good reply. The fear they caused, as you noted, should definitely be taken into account if these guys are ever caught. Thank you for your kind words and I hope you have a great night as well and a blessed day ahead!