Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The hacker group that has claimed responsibility for a cyber attack on the Kido nursery chain has told affected families to sue the company, in a brazen move to shift the blame on to its target.
“We encourage any parents that’s been affected to sue the nursery. They do not care about your data,” Radiant Group posted on its dark web page on Friday, alongside a link to a joint claim page.
The group, which claims to have hacked 18 UK nurseries managed by Kido and released 10 “profiles” of children on to the dark web, blamed the leaks on Kido’s non-compliance with their demands.
“Next steps for us will be to release 30 more profiles of each child and 100 employees [personal information] including full names, national insurance numbers, dates of birth, full addresses, employment start date, email addresses and more,” Radiant added.
The exact date of the attack is unknown, but the communications between the hackers and Kido indicated it could have been up to several weeks ago, according to cyber security group Sophos.
One affected parent told the Financial Times Kido first contacted them to inform them of the breach 10 days ago.
The person added that parents had been informed about the attack via the software company Famly, whose platform many nurseries and other childcare organisations use.
Anders Laustsen, chief executive of Famly, said the company had conducted “a thorough investigation of the incident” and could confirm there had been “no breach of Famly’s security or infrastructure in any way” and no other customers had been affected.
Radiant has also claimed to have contacted the parents of victims in order to heap further pressure on Kido, saying it had data on more than 8,000 individuals linked to the nurseries, in addition to accident and safeguarding reports as well as billing information.
The group said it had not yet leaked the billing information as it was “giving Kido a chance [to respond]”.
The group’s decision to specifically target children marks a new escalation in cyber attacks, which often see groups backtrack if they realise the data of children has been compromised.
“Reputation and money are the two most important things to groups like Radiant. Their reputation is taking a battering at the moment but it will be worth it if it results in a big payday, and others will emulate it,” said Toby Lewis, global head of threat analysis at Darktrace.
Radiant had not posted a public ransom figure as of Friday afternoon.
Rafe Pilling, director of threat intelligence at Sophos, said the group appeared to be a newly formed organisation that seemed to be concentrating on one victim, rather than making multiple attacks.
“They think by doubling down on this current victim, and bringing misery to all involved, that they will improve the chance of a payout,” he added.
Cybersecurity group Palo Alto Networks said “breached credentials” may have been used to gain access to Kido’s data, potentially through a recent acquisition.
The attack has sparked a response from the National Cyber Security Centre, which warned early years groups to follow specific guidance in order to protect themselves from attacks.
Jonathon Ellison, NCSC director for national resilience, added that the reports about the Kido hack were “deeply distressing”.
A spokesperson for Kido said the law enforcement co-ordinator to the NCSC was aware of the attack, and that “Kido are working with the Metropolitan Police in investigating the incident”.
Additional reporting from Mari Novik in London
Read the full article here