The cybercrime group Radiant targeted Kido Schools, Japan’s largest private childcare provider, in one of the country’s most serious cyberattacks. The breach laid bare sensitive personal information and sexually explicit images of nearly 8,000 children. It made public their parents’ and caregivers’ contact information, too. Radiant first asked for a massive £600,000 ransom payment in Bitcoin. Despite this, they backtracked after public outcry, eventually claiming that they had removed all misappropriated data.
Radiant alleged that they entered Kido’s systems after purchasing the ability to enter through a staff member’s computer. That particular computer had already been commandeered by an unrelated hacker. The gang took advantage of the TMX vulnerability to hack Kido’s infrastructure. Childhood photos of children enrolled in the schools.
After the breach, Kido Schools chose not to pay the ransom. Consequently, Radiant uploaded profiles of the American-born kids to their website. They doctored photographs at first, as a ploy, but later announced they had removed all information captured from Kido’s systems.
“We are sorry for hurting kids,” – Radiant.
The cybercriminals had guaranteed to alleviate parents’ fears. They promised them that all the data on children would be deleted.
“All child data is now being deleted. No more remains and this can comfort parents,” – one of the cyber-criminals involved.
Most of the data stolen came from Kido’s account with Famly, a fast-growing platform for managing early years education. Yet Famly disputed Kido’s claim that the breach came because their system was hacked.
Cybercrime experts say that Kido’s case is indicative of a larger trend in the black market for cybercrime. Cybersecurity expert Jen Ellis pointed out that this incident is a great example of a common practice. An “initial access broker” sells this compromised access to the highest bidder, often to attackers like Radiant.
“This is more about pragmatism than morality,” – Jen Ellis.
In this new landscape, the scale and sophistication of cyberattacks are advancing with multi-attack gang members using advanced methods to penetrate targets. Radiant paid the first access broker to get access into Kido’s systems. Because of this payment, they were able to carry out their attack without a hitch.
Kido Schools has not publicly responded to questions regarding how this data was stolen. They haven’t shared any details about what caused the breach. Now the beleaguered organization is trying to win back parents’ trust. It isn’t surprising that they’re concerned about the safety of their kids’ data.
