Nursery chain cyber security attack – What it means for early years providers

Recent news reports have shed light on a cyber-attack which has targeted children from the Kido nursery chain. With growing attention on cyber security, it’s more important than ever to ensure your data protection procedures are robust and up to date.

According to the report, hackers have stolen photos, names, and addresses of around 8,000 children, along with details about parents and carers. This information is being used in a ransom demand against the company. The criminals have already published a sample of data on their darknet website, including pictures and profiles of 10 children from the stolen data set. It has been published as part of their attempt to extort money from the nursery chain, which operates 18 nurseries mostly in the London area.

This incident is a stark reminder of the growing cybersecurity threats facing schools and nurseries, and the importance of robust data protection practices.

Nurseries and early years providers are legally required to protect the personal data of children, parents and staff under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Key obligations include data security and minimisation, staff training and accountability. There is also an obligation to ensure that serious data breaches, such as this one, are reported to the Information Commissioner’s Office (ICO) within 72 hours, and affected individuals must be informed where there is a high risk to their rights and freedoms.

Read the full article on BBC News.

How we can help

If this news has raised concerns about your own procedures, or if you have suffered a data breach, our team can assist with data protection compliance, incident response and risk management.