Two suspects, aged 17 and 22, have been arrested in the UK in connection with cyber-blackmail crimes.
The pair are alleged to be responsible for a digital intrusion in September 2025 at a chain of children’s nursery schools (kindergartens) in London.
Sadly, corporate cybersecurity is often so poor, and data breaches so common, that this is just one of very many similar stories in recent months, as is the £600,000 extortion payment that the suspects are said to have demanded.
But there was a worrying difference in this case, given that the stolen data included the names, addresses and images of about 8000 nursery-age children who attended the schools.
The suspects apparently went as far as calling up and threatening some families directly, presumably with the intention of freaking the affected parents out so much that they would beg the company to cave in and pay off the criminals to delete the data.
Some data and images (affecting 20 children and their families, according to the BBC) were also deliberately published on the dark web, although the attackers subsequently blurred the images, perhaps realising that even as criminals they had gone too far.
Eventually, they removed the published data and claimed to have deleted everything.
Claims about deleting already-stolen data are as good as worthless.
Even if the criminals really did have a change of heart, there is no way to recall the data that was already explicitly leaked; there is no way to be sure the attackers are telling the truth; there is no way to be certain that they had the competence to complete the deletion properly even if they tried; and there is no way to tell whether the data had already been shared with, or stolen in turn, by another criminal group.
Cybercriminals often turn out to have atrocious operational security of their own.
In numerous ransomware cases handled by law enforcement in the past, data and decryption keys that the attackers “promised” had already been deleted have been found on seized servers.
If you’re struggling to stay on top of the demands of finding, fixing and monitoring all the patch-points in your business, why not sign up with SolCyber for a human-centric, human-friendly cybersecurity service that doesn’t just throw AI at the problem and then leave you to work out whether the AI’s reports-added-to-all-the-other-reports are right or wrong?
SolCyber’s human-to-human cybersecurity will find, inform, fix, and explain the issues to you one-to-one, so you not only know what’s happened, but also how it was dealt with and why, and how you can adapt your business workflow positively to reduce the chance of it happening again.
Paul Ducklin is a respected expert with more than 30 years of experience as a programmer, reverser, researcher and educator in the cybersecurity industry. Duck, as he is known, is also a globally respected writer, presenter and podcaster with an unmatched knack for explaining even the most complex technical issues in plain English. Read, learn, enjoy!
By subscribing you agree to our Privacy Policy and provide consent to receive updates from our company.
