Cybercriminals responsible for stealing sensitive data from Kido, a UK-based nursery chain, have deleted the information following widespread condemnation from both the public and within the hacking community. The group, known as Radiant hackers UK, had earlier published profiles of children and private family data on a leak site as part of an extortion attempt.
Data Removed After Industry Pressure
A screenshot of Radiant hackers UK website, reviewed by cybersecurity analysts, shows that children’s profiles previously exposed have now been removed. The site currently displays the Kido logo with a “view more” link that does not function, indicating that the data has been taken down.
Kido confirmed that the attackers had removed the information. A spokesperson stated the organization has continued to follow official guidance discouraging ransom payments and remains engaged with law enforcement, regulators, and cybersecurity experts to verify that the stolen data is permanently deleted.
Cybersecurity experts noted that the decision came after backlash from other cybercriminal groups. On underground forums, members of established hacking circles warned Radiant that targeting children was unacceptable and would damage its credibility. Evidence gathered by cybersecurity firm Sophos shows Radiant responding on a Russian-language forum that it had disabled attacks on children and deleted related data.
Rebecca Taylor, a researcher at Sophos, explained the significance of this shift. “Even cybercriminals know some lines can’t be crossed. Radiant hackers UK learned that stealing data belonging to children doesn’t just attract attention, it burns credibility. It erodes any legitimacy they claim, particularly as they appear to be a newly formed group.”
Taylor added that credibility is central for ransomware and extortion groups. “Deleting the data wasn’t an act of kindness, it was damage control. This was a rare moment when morality and self-interest briefly aligned.”
Extortion Attempt and Ongoing Risks
Reports indicate that Radiant hackers UK had demanded £600,000 in bitcoin from Kido to return the data, but the nursery chain refused to pay. Prior to deleting the data, the group claimed to hold sensitive information on more than 8,000 children and their families. This included accident reports, safeguarding records, billing details, and other personal files.
Parents had also reported direct intimidation. One mother told the BBC she received a phone call from the attackers, who threatened to publish her child’s information unless she pressured Kido into paying.
The group’s actions sparked strong criticism from cybersecurity analysts, parents, and industry peers alike. Experts described the targeting of children as “appalling” and “a boundary no group should cross.”
Although Radiant has now removed the leaked content, its leak site remains active and appears to be prepared for new victims. Analysts note the portal features a company search bar and instructions for contacting the group via encrypted messaging platforms.
Cybersecurity researchers believe Radiant is a new player within cybercrime networks. While its English-language communications are fluent, most ransomware and extortion groups originate from regions within the former Soviet Union, raising questions about Radiant’s origins.
Wider Implications for Cybersecurity
This incident underscores the reputational dynamics within cybercrime communities. Attacks that generate excessive public outrage can backfire, not only drawing heightened law enforcement scrutiny but also damaging trust among criminals who depend on perceived “rules” to maintain negotiation power.
According to analysts, the Radiant case highlights how credibility drives ransom negotiations. Victims are less likely to pay if a group demonstrates behavior considered reckless or illegitimate, such as endangering children.
Despite Radiant hackers UK apparent withdrawal from child-related attacks, the group remains active and may shift focus to other targets. Cybersecurity professionals caution that the removal of stolen data should not be seen as a guarantee of safety. Victims must continue to monitor for potential re-emergence of data and strengthen their defenses against evolving threats.
Kido continues to collaborate with authorities and experts to secure its systems and reassure families. “We continue to work closely with families, regulators, law enforcement and our cybersecurity experts to investigate and take active steps to confirm that the data is permanently deleted,” a spokesperson emphasized.
While the immediate threat has subsided, the episode demonstrates how cybercriminal groups are subject to internal pressures as well as external enforcement. In this case, reputational damage appears to have forced Radiant hackers UK to retreat, but the broader risks of extortion and data exposure in the education and childcare sector remain a pressing concern.
Visit more of our news! CyberPro Magazine
