Home
Blog
News in Brief: Suspects in kindergarten cyber-blackmail case arrested in UK

News in Brief: Suspects in kindergarten cyber-blackmail case arrested in UK

Paul Ducklin
10/08/2025
Share this article:

Two suspects, aged 17 and 22, have been arrested in the UK in connection with cyber-blackmail crimes.

The pair are alleged to be responsible for a digital intrusion in September 2025 at a chain of children’s nursery schools (kindergartens) in London.

Sadly, corporate cybersecurity is often so poor, and data breaches so common, that this is just one of very many similar stories in recent months, as is the £600,000 extortion payment that the suspects are said to have demanded.

But there was a worrying difference in this case, given that the stolen data included the names, addresses and images of about 8000 nursery-age children who attended the schools.

The suspects apparently went as far as calling up and threatening some families directly, presumably with the intention of freaking the affected parents out so much that they would beg the company to cave in and pay off the criminals to delete the data.

Some data and images (affecting 20 children and their families, according to the BBC) were also deliberately published on the dark web, although the attackers subsequently blurred the images, perhaps realising that even as criminals they had gone too far.

Eventually, they removed the published data and claimed to have deleted everything.

Claims about deleting already-stolen data are as good as worthless.

Even if the criminals really did have a change of heart, there is no way to recall the data that was already explicitly leaked; there is no way to be sure the attackers are telling the truth; there is no way to be certain that they had the competence to complete the deletion properly even if they tried; and there is no way to tell whether the data had already been shared with, or stolen in turn, by another criminal group.

Cybercriminals often turn out to have atrocious operational security of their own.

In numerous ransomware cases handled by law enforcement in the past, data and decryption keys that the attackers “promised” had already been deleted have been found on seized servers.


Listen to this TALES FROM THE SOC podcast: Taming the ransomware beast.
News in Brief: Suspects in kindergarten cyber-blackmail case arrested in UK - SolCyber

If the media player above doesn’t work in your browser, try clicking here to listen in a new browser tab. Find TALES FROM THE SOC on Apple Podcasts, Audible, Spotify, Podbean, or via our RSS feed if you use your own audio app.

If you’re struggling to stay on top of the demands of finding, fixing and monitoring all the patch-points in your business, why not sign up with SolCyber for a human-centric, human-friendly cybersecurity service that doesn’t just throw AI at the problem and then leave you to work out whether the AI’s reports-added-to-all-the-other-reports are right or wrong?

News in Brief: Suspects in kindergarten cyber-blackmail case arrested in UK - SolCyber

SolCyber’s human-to-human cybersecurity will find, inform, fix, and explain the issues to you one-to-one, so you not only know what’s happened, but also how it was dealt with and why, and how you can adapt your business workflow positively to reduce the chance of it happening again.


More About Duck

Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!

Paul Ducklin
Paul Ducklin
10/08/2025
Share this article:

Table of contents:

The world doesn’t need another traditional MSSP 
or MDR or XDR.

What it requires is practicality and reason.

Related articles

Choose identity-first managed security.

We start with identity and end with transparency — protecting where attacks begin and keeping you informed, with as much visibility as you want. No black boxes, just clear, expert-driven security.
No more paying for useless bells and whistles.
No more time wasted on endless security alerts.
No more juggling multiple technologies and contracts.

Follow us!

Subscribe

Join our newsletter to stay up to date on features and releases.

By subscribing you agree to our Privacy Policy and provide consent to receive updates from our company.

©
2025
SolCyber. All rights reserved
|
Made with
by
Jason Pittock

I am interested in
SolCyber XDR++™

I am interested in
SolCyber MDR++™

I am interested in
SolCyber Extended Coverage™

I am interested in
SolCyber Foundational Coverage™

I am interested in a
Free Demo

12690