(MENAFN) Police have arrested a 17-year-old boy and a 22-year-old man in connection with a cyber-attack targeting a chain of nurseries in London. The pair were detained at residential addresses in Bishop’s Stortford, Hertfordshire, on suspicion of computer misuse and blackmail, the Metropolitan Police said.

The attack on the Kido nursery chain involved the theft of photographs, names, and addresses of approximately 8,000 children. Authorities were first alerted to the incident on 25 September through a referral from the Action Fraud cyber crime reporting service detailing a ransomware attack. The suspects remain in custody for questioning.

Will Lyne, Head of Economic and Cybercrime at the Met, acknowledged the distress caused to parents and carers and emphasized that the arrests represent a “significant step forward” in the investigation. He added that efforts to hold all responsible parties accountable are ongoing.

The attack was initially reported to the public on 22 September when hackers, calling themselves Radiant, attempted to draw attention to the breach while demanding a ransom of around £600,000 in Bitcoin. On 25 September, the hackers posted images and profiles of some children on a darknet site, which cyber experts described as a “new low” in criminal activity.

The stolen data included children’s names, addresses, photographs, and contact details for parents and carers. Hackers reportedly contacted parents directly to pressure Kido into paying the ransom. Over time, additional children’s profiles were posted, bringing the total to 20. In an unusual move, the hackers blurred images to protect their reputation within the hacking community before eventually deleting all 8,000 children’s files from the darknet site on 2 October.

A Kido spokesperson confirmed that the company had “identified and responded to a cyber incident,” working with external experts to investigate and address the breach. Families and relevant authorities were promptly informed.

MENAFN08102025000045017640ID1110167497