InfoSec / Cyber

    You are here:  
  1. Home
  2. InfoSec / Cyber
  3. Nursery Cyber attack
An infographic titled "Digital Safeguarding" shows a glowing shield in the center with a stylized circuit board pattern. A fist punches through the shield, and the words "Safeguarding" and "Cybersecurity" are on either side, linked by an equals sign. Inside the shield, a digital lock icon is featured, along with simplified icons representing people, houses, and what appear to be data points labeled "Manin Salaries" and "Jahet Maintres." In the background, a group of young children are sitting on the floor in a brightly lit classroom. The top of the image features the logo for "DATA PROTECTION EDUCATION." The bottom of the image has the text "DIGITAL SAFEGUARDING IS CHILD SAFETY."
Information/Cyber Security

Nursery Cyber attack

A cyber attack on nursery chain, Kido claims to have stolen photos, names and addresses of around 8,000 children.  The information includes parental details and carers and safeguarding notes.

There are several unusual things about this particular cyber attack:

  • We don't often see attacks on nurseries.
  • The hackers have contacted the parents directly as part of their extortion tactics.
  • The hackers contacted the BBC directly about the attack.

Parents have been notified and Kido are investigating the attack.  The full BBC report can be read: Children's names, pictures and addresses stolen in nursery chain hack

This is exactly where safeguarding meets cyber security and why it is now mentioned in the Keeping Children Safe in Education statutory guidance.  Review our articles about KCSIE and Cyber Security: 

How KCSIE is linked to Cyber Strategy

KCSIE 2025: Data Protection, AI and Cyber Security

There are many cyber attacks on schools and colleges that go unreported in the media - this one has been pushed out to the media by the hackers themselves, who contacted the BBC about the attack.  Most schools are able to preserve their reputation after an attack usually because it is dealt with quickly and not known about publicly, so this tactic changes things for schools.

Our advice is to refer to the DfE Digital Standards and ensure you meet the Cyber Security criteria set out; use this inline with either Cyber Essentials or the NCSC Cyber Assessment Framework.  If you want help tracking the DfE Digital Standards then contact us on This email address is being protected from spambots. You need JavaScript enabled to view it. and ask us about our tracker tools.

Ensure you regularly train staff on both data protection and cyber security and have a robust data breach procedure in place.

Safeguarding does now extend beyond locked doors, paper files and internal policies into the digital world.

This incident is alarming because of the sensitive nature of the stolen data, which includes safeguarding notes. The new and unusual tactic of contacting the parents and the media directly shows a more aggressive form of cyber extortion, one that not only targets the organisation's data but intentionally inflicts reputational damage and causes widespread public distress.  This event underlines the need for all nurseries, schools and colleges to treat cyber security as an integral part of their safeguarding responsibilities.

©2025 Data Protection Education Ltd.

Search