Hackers have released information on nursery children they said was stolen from nursery chain Kido, part of a cache of details on more than 8,000 children and staff.
The hackers have also made threatening calls to parents in an effort to pressure Kido to pay a ransom, the BBC reported.
The hackers said they stole data including the names, addresses and photographs of the children after breaching software called Famly used by the chain.
Child data released
The hackers claim their data also includes other information on the children, such as dates of birth, birthplace and safeguarding notes, in addition to details on parents and Kido staff.
The criminals, who call themselves Radiant, posted profiles of 10 children on a dark-web site on Thursday and said they would release 30 more child profiles and data on 100 Kido employees.
Famly, which makes the software that was breached, said its own infrastructure had not been penetrated and no other customers had been affected.
Famly chief executive Anders Laustsen told the BBC that the attack was a “barbaric new low”.
An unnamed mother told the BBC the hackers had telephoned her directly in a “threatening” call and said they would post her child’s information online unless she pressured Kido to pay a ransom, while another parent said someone in his WhatsApp parental group had also received a call.
The BBC said that the criminals spoke fluent English in conversations through the messaging app Signal, but claimed they were not native English-speakers and had hired people to make the calls.
Other major hacks this year on companies including Marks & Spencer, the Co-op, Harrods and Jaguar Land Rover have been attributed to English-speaking hackers, while police arrested a man from West Sussex last week in connection with an attack on airport check-in software maker Collins Aerospace.
English-speaking criminals
This is a shift from past cyber-crime activity, when major attacks have tended to be attributed to Russian-speaking gangs.
The criminals told the BBC they would not target pre-schools again as the incident has attracted too much attention.
Similarly, a gang that claimed to have carried out the M&S, Co-op and JLR attacks claimed earlier this month that it had decided to “go dark” in a move that security researchers said was likely to be a response to the intense police response to the crimes.
Kido has not yet confirmed the hack in any public statement, but the Information Commissioner’s Office said Kido had reported an incident and that it was assessing the information provided.
The Metropolitan Police said it had received a referral last Thursday following reports of a “ransomware attack on a London-based organisation” and that enquiries were ongoing within the Met’s cyber-crime unit.
