- Police arrested two hackers for allegedly breaching a chain of nursery schools and posting children’s information on the dark web.
- The suspects are in police custody in the United Kingdom for allegedly stealing thousands of children’s data for Kido International.
- The hackers breached the Kido chain databases and obtained the names, photographs, and addresses of over 8,000 children, along with personal information of the school’s employees.
Two hackers have been arrested in connection with a cyber-attack on the London-based chain of nurseries. The suspects allegedly hacked an international school chain and then posted sensitive data, including children’s images, on the dark web.
The two suspects, only identified by the Metropolitan Police as 17-year-old and 22-year-old men, are in police custody for questioning. The Metropolitan Police arrested them in Bishop’s Stortford, Hertfordshire, on charges of computer misuse and blackmail.
The arrests came as a result of a Metropolitan Police operation across several properties in Bishop’s Stortford on Tuesday.
According to the head of economic and cybercrime for London’s Metropolitan Police service, Will Lyne, the investigations have been “ongoing at pace to identify the ones responsible.”
He continued to say that the reports undoubtedly have an impact on the parents and all concerned parties, but the “arrests are a major step forward in the investigation.”
The Nursery Breach
A hacker group, “Radiant,” claims to have stolen sensitive data related to more than 8,000 children of a nursery chain, Kido, that operates in the UK, US, India, and China. Among the data stolen are names, images, birthdates, addresses, parental details, as well as notes and medical records of children and employees.
To prove that they were in possession of such data, the group posted samples of 10 children on the darknet website, including their pictures and profiles. The following day, they released another 10 samples and issued a ransom demand and threatened to release more data unless Kido paid.
In fact, the group went an extra mile to call the parents of the children to put pressure on Kido to pay them a ransom.
However, experts believe the Radiant group didn’t profit from the hack because Kido International refused to meet their demands. Perhaps the police generally advise individuals and organizations against paying any ransoms, as it only further fuels the criminal’s ecosystem.
Also, the BBC reported that the hacker group contacted them after news of the data breach surfaced. “We do it for money, not for anything other than money,” one of the hackers reportedly told the BBC and shared that English isn’t their first language, but they hired individuals to make calls.
BBC News also said that upon challenging the hackers over using sensitive data for children to extort from the school, the hackers claimed that they “weren’t asking for an enormous amount” and that they just “deserve some compensation for our pentest.”
A “pentest” is a process in which ethical hackers professionally and systematically test a company’s security defenses. However, in the case of Kido, they were unaware of the alleged incident taking place.
The public backlash was immense against the hackers, who seemed to have some change of heart by first blurring the photos of the children online, and later pulling down the published data entirely.
Nevertheless, the arrest shows a positive sign of the Feds making some good progress on cyber criminals. Besides, the police said they are still investigating and expect to bring the suspects to justice soon.
