Kido Nurseries cyber incident: key facts and practical guidance for the education sector, parents and students
What is known so far?
The National Cyber Security Centre (NCSC) has confirmed that Kido Nurseries has experienced a cyber incident and that investigations are ongoing. Full details of the breach and its technical cause are yet to be confirmed; the breach is assumed to be of data stored on a third-party platform used to manage student records. Given the sensitivity of the information leaked, the incident is understandably worrying for parents and carers.
According to public reporting, hackers claim to have obtained the names, addresses, photographs and other personal data of around 8,000 children; and allege to have further data on parents, carers and safeguarding information.
The attackers have published a sample of the stolen personal data online and, in some cases, have made ransom demands directly to parents. Although the data has now been removed by the attackers, the damage has already been done. The Metropolitan Police’s Cyber Crime Unit has received a referral, and the incident has been reported to the Information Commissioner’s Office (ICO).
It is too early to know the root cause, whether the breach resulted from something as simple as a phishing email or something more complex.
Nevertheless, there are immediate considerations for all education and early-years providers to review and reinforce their cyber defences and expand awareness of current threats.
Why does the education sector face heightened cyber threats?
- Organisations hold large volumes of personal and safeguarding data, including special category data as defined under the UK GDPR.
- Multiple user groups of staff, students, parents and third parties.
- Unsupported or fragmented systems with potential gaps in patching.
- High email volumes and inconsistent user awareness and training.
- Operational disruption in childcare or schools creates an opportunity for increased leverage for extortion.
What are the common tactics attackers use against the sector?
- Phishing and impersonation emails or messages posing as parents, suppliers or trusted staff.
- Use of compromised or weak credentials.
- Multi-factor authentication (MFA) fatigue, where repeated push notifications or other methods trick users into approving unauthorised access are used.
- Malicious attachments and links where files or URLs are designed to deliver malware or harvest credentials.
- Abusing misconfigured network devices such as firewalls or routers with default configurations or unnecessary services exposed.
- Exploiting unpatched systems, applications or firmware with known vulnerabilities that have not been updated.
What actions can education providers take immediately?
- Ensure MFA is in place for all accounts, i.e. MIS Software, Finance, Microsoft 365, etc.
- Ensure data protection is embedded into practice by undertaking training and awareness sessions and implementing policies and procedures to protect the sensitive personal data which the sector processes.
- Enforce least-privilege access to personal data by granting users only the permissions necessary for their role and reviewing privileges regularly.
- Separate and protect administrator accounts, using dedicated admin credentials that are not used for everyday tasks.
- Disable unused or dormant accounts, including former students, staff and contractors.
- Reset any default passwords and where system compromise is suspected.
- Apply all high and critical security patches for applications and systems.
- Confirm that offline back-ups are in place and recoverable.
- Consider implementing the Cyber Essentials 5 key control areas.
The Kido Nurseries incident is a timely reminder for all education providers to review their cyber security measures and reassure families that the protection of their data is taken seriously.
Guidance for parents and carers
Use strong, unique passwords for all important accounts and store them in a reputable password manager.
Enable MFA on email, banking, shopping and any school or childcare portals.
Keep software and devices up to date by installing security updates promptly on phones, tablets, computers and home routers.
Be cautious with emails, texts and calls. Don’t click on unexpected links or open attachments unless you are certain of the source.
Protect home wi-fi by changing default router passwords and using a strong wi-fi access key.
Talk to children about online safety so they understand how to spot and report suspicious activity.
Guidance for students
Think before you click – avoid links or downloads from people you don’t know.
Keep passwords private – never share them with friends and use different passwords for different accounts.
Report anything unusual to a parent, carer, teacher or other trusted adult – such as strange pop-ups, unexpected login requests or messages that make you uncomfortable.
Be careful with personal information – when posting or communicating online, only share what is necessary and with people you know.
Shared devices – log out of shared or public devices when you finish using them.
How can Moore Kingston Smith help?
The Kido Nurseries cyber incident highlights the importance of schools regularly assessing their cyber resilience and data protection practices. Alongside compliance with UK GDPR, many schools also rely on the Department for Education’s risk protection arrangement (RPA), which requires specific cyber security measures for its cyber incident cover to apply.
If you would like to strengthen your organisation’s overall cyber resilience, please contact us.
For those directly impacted by the Kido Nurseries cyber incident, we offer an initial conversation at no cost to help you understand immediate next steps and where to find appropriate support. For all education and early-years providers, a brief discussion will help you identify where to focus effort and begin developing a clear, proportionate strategy to protect sensitive data, meet key regulatory expectations and, most importantly, maintain the trust of parents, staff and governors.
Key NCSC resources:
Cyber Essentials – NCSC.GOV.UK
