Home SEO Hosting SEO & Digital Marketing Website Design & Development Why Happy Otter? Contact us All Services Blog

Cyber Security, The Trouble With Hacking

cyber security image of girl sticking tongue out

Written by

Stephen Clark

in

The ramifications are ringing in the ears of business owners, boards of directors and IT Managers. This will undoubtedly be the case with the Directors in the Kido International nursery chain, as they have sleepless nights over the hack. A whole host of other nursery owners must be scrambling to look at their cyber security postures.

A hacker group calling itself Radiant claimed responsibility for breaching Kido International, a UK-based nursery chain. Kido has over 18 sites in Greater London, as well as some abroad.

What We Know So Far

  • Data on more than 8,000 children was stolen.
  • The hackers have published profiles that include the names, photos, and family contacts of 10 children. These have been published on the “dark web”.
  • The hackers have threatened to release 30 more profiles per child, along with the dates of 100 employees, if the demands are not met within a specific timescale.
  • Kido International has stated that the breach involved third-party systems. That might as well be, but the responsibility for the businesses that Kido uses lies with them.
  • Parents have reportedly received direct calls from the criminals, urging them to pressure Kido to pay the ransom.
  • The Information Commissioner’s Office, the Metropolitan Police, Ofsted, and the National Cyber Security Centre (NCSC) are all involved in the investigation to track down the hackers.

Why is it significant versus a regular business hack?

  • Using extortion to target a nursery is particularly concerning. The malicious nature of this attack cuts at the heart of the emotional impact on parents.
  • As we know, Children’s data is particularly sensitive and can lead to identity theft and personal safety issues. If names, photos, birth dates, any medical information or safeguarding data are released, this could cause serious harm.
  • The process of releasing data over a period of time keeps the pressure up on Kido Nurseries.
  • Let’s face it, probably a good proportion of WordPress users have not got a fully updated Website with all the JavaScripts and plugins up to date, etc. When you examine the server the website system sits on, or any databases that reside on those servers, how many of these have up-to-date PHP, database and other software applications and packages?
  • The reputational impact of this on Kido is enormous, and it will be interesting to see how long this takes to solve. The NCSC (National Cyber Security Centre) urges businesses not to pay the ransom. Meanwhile, the trust from parents and regulatory authorities will be damaged, notwithstanding the potential legal disputes.

It is, of course, possible to insure against this. This doesn’t stop it from happening, but it will mean a standard set of procedures will kick in from the insurance company. It means that your systems and business will be up and running quicker than if you didn’t have any. Therefore, cyber insurance could cover, from a liability perspective, losses resulting from the loss of funds, hacking, and ransom demands. One of our clients offers a comprehensive cover. Follow the link for more information.

cyber security in nurseries

Dixons offers Cyber Liability insurance (sometimes called “cyber cover” or “cyber insurance”) as part of their financial lines / commercial insurance offerings. The purpose is to protect a business in the event of a data breach or cyberattack that impacts its computer systems. It contains:

  • Help with regulatory and legal aspects (e.g. defence, fines, investigations)
  • Business interruption (lost income during downtime)
  • Cyber extortion/ransom/negotiation costs
  • • Network/security liability to third parties (claims from others harmed by your breach)
  • Incident response support: such as forensic, public relations, notification & credit. monitoring, etc.https://www.dixonsinsurance.co.uk/financial-lines/cyber-liability/

Broader Context & Trends

  • UK businesses experienced approximately 8.58 million cybercrimes of all types in the past 12 months. – Of that, ≈ 680,000 were non-phishing (i.e. hacking, malware, etc.) GOV.UK.
  • Q1 2025, UK organisations averaged 1,925 cyber incidents per week, a 47% increase over the same period in 2024.
  • Incidents of ransomware and extortion are increasing in the UK, hitting diverse sectors (retail, manufacturing, education, etc.).
  • Cybercriminal groups are experimenting with more aggressive tactics, especially in how they leak data, threaten victims, and try to maximise leverage. Observers note that “new players testing moral boundaries” are appearing.
  • Charities saw ≈ 453,000 cybercrimes in the same period.
  • Authorities’ stance tends to discourage paying ransom, as it can incentivise further attacks. Over 85% of breached businesses experienced phishing attacks in 2025.

What should you do now

​If you are a business owner, IT manager, or board director, the Kido International breach should serve as a loud wake-up call. Cybercrime is no longer confined to banks and big tech companies; attackers are deliberately targeting smaller organisations, schools, nurseries, charities, and professional services where security may be weaker, but the stakes are still painfully high.

Here are the immediate actions worth considering:

  1. Audit your systems now, not later. Verify that your website, servers, and cloud services are fully patched and regularly maintained. That includes PHP versions, databases, JavaScript libraries, plugins, and operating systems. Out-of-date components are prime targets.
  2. Review your supply chain. If you rely on third-party software or hosting providers, their vulnerabilities are your vulnerabilities. Demand evidence of their patching schedules, monitoring, and compliance.
  3. Implement multi-layered backups. Ensure you have secure, off-site, and encrypted backups that cannot be accessed by the same credentials that hackers might compromise. Test your ability to restore quickly.
  4. Prepare an incident response plan. Be aware of who to contact, the necessary steps to take, and how to communicate effectively in the event of a breach. Waiting until the middle of an attack is too late.
  5. Train staff and set policies. Employees are often the weakest link. Regular awareness training on phishing, passwords, and safe data handling is vital, especially in organisations holding children’s or customer data.
  6. Treat data as a liability, not just an asset. Ask: Do you really need to hold the information you are collecting? Reducing unnecessary data reduces your risk exposure.
  7. Engage with external experts. Independent penetration testing and cyber audits can help identify issues that may be overlooked internally.

The Kido hack underlines a brutal truth: the reputational, financial, and regulatory damage of a breach is far greater than the investment required to prevent one. Parents and regulators alike expect more than good intentions; they expect resilience and accountability.

Cybersecurity is no longer an IT problem. It’s a boardroom problem. The question is not whether your business can afford to invest in stronger protection, but whether it can afford not to do so. Our new range of lightning-fast SEO Servers combines security, resilience, and speed. We use wrap-around security with our firewalls as a standard feature.

Now, with free website migration and 1 month on us until the end of January 2026.

Talk to us about our new secure hosting solutions: tel:01273 011042

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts