Your 3-Year-Old's Data Is on the Dark Web Right Now: The Kido Wake-Up Call
Your 3-Year-Old's Data Is on the Dark Web Right Now: The Kido Wake-Up Call  
Podcast: The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups
Published On: Tue Sep 30 2025
Description: In 40 years of Information Technology work, Noel Bradford has never been this angry. On September 25th, 2025, the Radiant ransomware gang stole personal data from 8,000 children at Kido International nurseries, posted their photos and medical records online, and then started calling parents at home to demand ransom payments. This isn't just another data breach. This is the moment cybercrime lost whatever soul it had left. In this raw, unfiltered episode, Noel breaks down exactly what happened, why the security failures that enabled this attack exist in thousands of UK small businesses right now, and what you need to do immediately to protect your organisation from becoming the NEXT headline. WARNING: This episode contains strong language and discusses disturbing tactics used by cybercriminals. Parental guidance advised. What You'll Learn The complete timeline of the Kido ransomware attack and how it unfolded Why hackers spent weeks inside the network before striking The new escalation tactic of directly contacting victims' families Five critical security failures that allowed 8,000 children's records to be stolen Why "we're too small to be targeted" is the most dangerous lie in business The regulatory consequences Kido faces under UK GDPR Immediate action steps every small business must take NOW Why does this attack signal a fundamental shift in cybercrime tactics   Key Takeaways The Five Critical Failures Initial Access Was Preventable - Likely phishing, weak passwords, or unpatched vulnerabilities No Monitoring - Weeks of dwell time with zero detection No Network Segmentation - Hackers accessed everything once inside No Data Loss Prevention - 8,000 records exfiltrated without triggering alarms Inadequate Backups - No mention of restoration from clean backups New Threat Landscape Reality Ransomware gangs now directly contact victims' families Children's data is being weaponised for psychological pressure Moral boundaries in cybercrime have completely dissolved Attack tactics proven successful will be replicated by other groups Business Impact Statistics 43% of UK businesses suffered a breach in the past year Nearly 50% of primary schools reported cyber incidents 60% of secondary schools experienced attacks The education sector is particularly vulnerable Featured Experts & Sources Government & Law Enforcement: Metropolitan Police Cyber Crime Unit Information Commissioner's Office (ICO) Jonathon Ellison, Director for National Resilience, National Cyber Security Centre Cybersecurity Experts: Rebecca Moody, Head of Data Research, Comparitech Anne Cutler, Cybersecurity Expert, Keeper Security Mantas Sabeckis, Infosecurity Researcher, Cybernews Direct Victims: Stephen Gilbert, Parent with two children at Kido nursery Threat Actors: Radiant Ransomware Gang (claims to be Russia-based) Immediate Action Checklist Do These TODAY: Enable multi-factor authentication on ALL business accounts Check that all software is updated to the latest versions Review who has access to sensitive data Verify backups exist and are stored offline Schedule staff phishing awareness training Do These This Week: Audit your network segmentation Implement monitoring and alerting systems Review password policies across the organisation Create an incident response plan Assess cyber insurance coverage Do These This Month: Conduct a full security audit Test backup restoration procedures Implement data loss prevention tools Review vendor and third-party security Schedule penetration testing Resources Mentioned Government Resources National Cyber Security Centre: https://www.ncsc.gov.uk/ Information Commissioner's Office: https://ico.org.uk/ Met Police Cyber Crime Unit: https://www.met.police.uk/advice/advice-and-information/fa/fraud/online-fraud/cyber-crime/ UK Cyber Security Breaches Survey: https://www.gov.uk/government/collections/cyber-security-breaches-survey Cybersecurity Companies Comparitech: https://www.comparitech.com/ Keeper Security: https://www.keepersecurity.com/ Cybernews: https://cybernews.com/ Legal & Compliance UK GDPR Guidance: https://ico.org.uk/for-organisations/guide-to-data-protection/ Children's Data Protection: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/children-and-the-uk-gdpr/ Episode Quotes "What happened to Kido International this week represents the absolute lowest point I've witnessed in 40 years of cybersecurity." "These hackers didn't just encrypt some files and demand payment. They actively posted samples of children's profiles online. Then they started ringing parents directly." "You're not special. You're not too small. You're not immune. You're just next on the list unless you take action." "The hackers claim they 'deserve some compensation for our pentest.' Let that sink in. They're calling this a penetration test." "A child's photo, name, and home address in criminal hands. This data doesn't expire. It doesn't get less valuable. It just sits there, a permanent risk to these families." "None of these failures are unique to nurseries or large organizations. I see the same problems in small businesses every single week." "You're making the same mistakes that led to 8,000 children's data being posted on the dark web. The only difference is scale." Discussion Questions How would you respond if your business were to experience a similar attack? What security measures do you currently have in place? Do you know where your most sensitive data is stored and who can access it? When was the last time you tested your backup restoration? How would you handle direct contact from threat actors? Connect With Noel Bradford Website: The Small Business Cyber Security Guy Email: hello@thesmallbusinesscybersecurityguy.co.uk LinkedIn: Noel Bradford Need Help With Your Cybersecurity? Equate Group Support The Podcast If this episode made you think differently about cybersecurity, please: ⭐ Leave a 5-star review on Apple Podcasts 📢 Share this episode with other business owners 📧 Subscribe to get every new episode 💬 Join the conversation on social media using #KidoHack   Legal Disclaimer The information provided in this podcast is for educational and informational purposes only. It does not constitute legal, financial, or professional cybersecurity advice. Always consult with qualified professionals regarding your specific situation. Opinions expressed are those of the host and do not necessarily reflect the views of any organisations mentioned. Transcript Full episode transcript available at: TBC Episode Tags #Cybersecurity #Ransomware #DataBreach #SmallBusiness #KidoHack #UKBusiness #CyberCrime #DataProtection #GDPR #InformationSecurity #CyberAwareness #ThreatIntelligence #BusinessSecurity #RansomwareAttack #ChildSafety © 2025 The Small Business Cyber Security Guy Podcast. All rights reserved.