This article is from the source 'bbc' and was first published or seen on . The next check for changes will be
You can find the current article at its original source at https://www.bbc.com/news/articles/c62ldyvpwv9o
The article has changed 8 times. There is an RSS feed of changes available.
| Version 4 | Version 5 |
|---|---|
| Children's names, pictures and addresses stolen in nursery hack | Children's names, pictures and addresses stolen in nursery hack |
| (32 minutes later) | |
| Hackers say they have stolen the pictures, names and addresses of around 8,000 children from the Kido nursery chain. | Hackers say they have stolen the pictures, names and addresses of around 8,000 children from the Kido nursery chain. |
| The gang of cyber criminals is using the highly sensitive information to demand a ransom from the company, which has 18 sites in and around London, with more in the US and India. | The gang of cyber criminals is using the highly sensitive information to demand a ransom from the company, which has 18 sites in and around London, with more in the US and India. |
| The criminals say they also have information about the children's parents and carers as well as safeguarding notes. | The criminals say they also have information about the children's parents and carers as well as safeguarding notes. |
| They claim to have contacted some parents by phone as part of their extortion tactics. | They claim to have contacted some parents by phone as part of their extortion tactics. |
| The BBC has contacted Kido for comment but has not had a response. | |
| The company has not released any public statements about the hack but parents and nurseries have been notified. | |
| Cyber-security firm Check Point described the targeting of nurseries as "an absolute new low". | Cyber-security firm Check Point described the targeting of nurseries as "an absolute new low". |
| One of its experts Graeme Stewart said: "To deliberately put children and schools in the firing line, is indefensible. Frankly, it is appalling." | |
| Jonathon Ellison, from the National Cyber Security Centre described the hack as "deeply distressing". | |
| "Cyber criminals will target anyone if they think there is money to be made, and going after those who look after children is a particularly egregious act," he said. | |
| An employee said the nursery was asking parents not to speak to the media - though some have spoken to the BBC. | An employee said the nursery was asking parents not to speak to the media - though some have spoken to the BBC. |
| "It's not ideal of course, we would rather they had been using some sort of encryption software," said one parent, who asked to be referred to as Mary. | "It's not ideal of course, we would rather they had been using some sort of encryption software," said one parent, who asked to be referred to as Mary. |
| "The nursery told us very quickly." | "The nursery told us very quickly." |
| Mary said her family had received an email from the hackers, who told them what information had been taken. | Mary said her family had received an email from the hackers, who told them what information had been taken. |
| "It was all very professional and well-written, no spelling mistakes or anything like that," she said. | "It was all very professional and well-written, no spelling mistakes or anything like that," she said. |
| "My partner actually works in cyber-security and we understand these things happen. | "My partner actually works in cyber-security and we understand these things happen. |
| "But we do feel the nursery has handled it well." | "But we do feel the nursery has handled it well." |
| And Bryony Wilde, who has one child at a Kido nursery in London, told the BBC the children whose data was taken were "completely innocent victims". | And Bryony Wilde, who has one child at a Kido nursery in London, told the BBC the children whose data was taken were "completely innocent victims". |
| "They are kids - their personal details shouldn't be worth anything," she said. | "They are kids - their personal details shouldn't be worth anything," she said. |
| "You are probably prepared to go a little bit further to protect children's privacy and personal details." | "You are probably prepared to go a little bit further to protect children's privacy and personal details." |
| The hacking group responsible for the claims appears to be relatively new and calls itself Radiant. | The hacking group responsible for the claims appears to be relatively new and calls itself Radiant. |
| The cyber criminals contacted the BBC about the hack and have subsequently posted details of it to their darknet website. | The cyber criminals contacted the BBC about the hack and have subsequently posted details of it to their darknet website. |
| It has published a sample of data there including pictures and profiles of 10 children from the stolen data set. | It has published a sample of data there including pictures and profiles of 10 children from the stolen data set. |
| It has been published as part of their attempt to extort money from the nursery chain, which has its 18 nurseries mostly in the London area. | It has been published as part of their attempt to extort money from the nursery chain, which has its 18 nurseries mostly in the London area. |
| Police advise not to pay ransoms as it further fuels the cyber-crime ecosystem. | Police advise not to pay ransoms as it further fuels the cyber-crime ecosystem. |
| Kido has nurseries in and around London | Kido has nurseries in and around London |
| When asked by BBC News if they felt bad about extorting a nursery using the children's data, the criminals said they "weren't asking for an enormous amount" and they "deserve some compensation for our pentest." | When asked by BBC News if they felt bad about extorting a nursery using the children's data, the criminals said they "weren't asking for an enormous amount" and they "deserve some compensation for our pentest." |
| A "pentest" - or penetration test - is the term for when ethical hackers are hired to assess the security of an organisation in a controlled and professional way. | A "pentest" - or penetration test - is the term for when ethical hackers are hired to assess the security of an organisation in a controlled and professional way. |
| These hackers however attacked the nursery chain without their permission. | These hackers however attacked the nursery chain without their permission. |
| "Of course" it's about money, they admitted to the BBC. | "Of course" it's about money, they admitted to the BBC. |
| The hack is the latest in a series of high-profile cyber-attacks, which has seen production grind to a halt at Jaguar Land Rover, and caused massive disruption to M&S and the Co-op. | The hack is the latest in a series of high-profile cyber-attacks, which has seen production grind to a halt at Jaguar Land Rover, and caused massive disruption to M&S and the Co-op. |
| Rebecca Moody, head of data research at software firm Comparitech, said the nature of the data posted online raised "alarm bells". | Rebecca Moody, head of data research at software firm Comparitech, said the nature of the data posted online raised "alarm bells". |
| "We've seen some low claims from ransomware gangs before, but this feels like an entirely different level," she said. | "We've seen some low claims from ransomware gangs before, but this feels like an entirely different level," she said. |
| She said the firm should contact anyone affected by the data breach "as a matter of urgency". | She said the firm should contact anyone affected by the data breach "as a matter of urgency". |
| The Metropolitan Police told the BBC it had received a referral on September 25 "following reports of a ransomware attack on a London-based organisation". | The Metropolitan Police told the BBC it had received a referral on September 25 "following reports of a ransomware attack on a London-based organisation". |
| "Enquiries are ongoing and remain in the early stages within the Met's Cyber Crime Unit," it said. | "Enquiries are ongoing and remain in the early stages within the Met's Cyber Crime Unit," it said. |
| A spokesperson from the Information Commissioner's Office said: "Kido International has reported an incident to us and we are assessing the information provided." | A spokesperson from the Information Commissioner's Office said: "Kido International has reported an incident to us and we are assessing the information provided." |
| Additional reporting by Graham Fraser, Technology reporter | Additional reporting by Graham Fraser, Technology reporter |
| Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here. | Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here. |