Hackers have targeted a London-based chain of nursery schools and have demanded that a ransom be paid or they will release sensitive information onto the dark web, British authorities said Friday.
Kido International, which operates nursery schools throughout London and at several other locations in the United States and India, “has reported an incident to us and we are assessing the information provided,” according to a statement from the Information Commissioners Office, Britain’s data protection agency.
The BBC reported on Friday that hackers calling themselves “Radiant” had posted profiles of 10 children on the dark web, including photos and names and other identifying information, and threatened to post more profiles if Kido International did not agree to pay them a ransom.
The Information Commissioners Office did not confirm that, but said that “the safety and privacy of children remains paramount, and we will work with our partners to understand the full impact of this incident and support those affected.”
The incident is being investigated by London’s Metropolitan Police, which said in a statement: “Enquiries are ongoing and remain in the early stages within the Met’s cybercrime unit. No arrests have been made.”
The BBC reported that the hackers threatened to release 30 additional “profiles” of children, along with information about employees of Kido International, in the days ahead.
The New York Times has not independently confirmed the details reported by the BBC. Representatives from Kido International did not respond to emails seeking comment.
Demands for ransom payments in exchange for not releasing information online have been a growing threat around the world for years.
Hackers have targeted hospitals, local governments and private businesses with the release of private or sensitive information if a ransom is not paid. Other organizations have had their networks frozen by hackers, and have been threatened with the deletion of all the information if payment is not made.
In one recent incident, hackers crippled services at two London hospital chains after attacking a company called Synnovis, a private firm that analyzes blood tests.
The release of information about young children is particularly alarming, especially for their parents. The father of one child at a Kido nursery told the BBC that he had been informed by the company of a data breach.
“The revelation the children’s details could have been put on the dark web, that’s very concerning and alarming for me,” Stephen Gilbert told BBC Radio 4.