FulcrumSec has claimed responsibility for a breach of Global Schools Group (GSG), the Singapore-headquartered education organization behind Global Indian International School (GIIS), One World International School, Glendale International School, East Academy, and several other international education brands.
The group alleges it exfiltrated approximately 4.8TB of data from GSG systems and is releasing a 111GB “highlights” package containing student, parent, employee, applicant, transport, communications, and source code data.
The claims remain unverified. Global Schools Group had not issued any public statement at time of publication, and BreachNews could not independently verify the authenticity, scale, or origin of the allegedly stolen data.
Global Schools Group operates dozens of campuses across Asia and the Middle East and serves tens of thousands of students. The organization has previously disclosed major investment commitments from Apollo-managed funds to support expansion and acquisitions across multiple countries.
Children’s passport records allegedly exposed
The most significant claim involves student and family identity records. FulcrumSec alleges the dataset contains 35,938 student profiles and 33,088 passport numbers belonging to students and their parents spanning 66 nationalities.
According to the post, the records allegedly include student passports, parent passport numbers, home addresses, emergency contacts, employer information, income details, medical information, and other enrollment-related records.
The group claims the affected families include diplomats, financial sector executives, technology professionals, and other high-profile individuals whose children attended GSG-operated schools.
If authentic, exposure of passport information involving minors could create long-term identity theft, impersonation, fraud, and privacy risks that may persist long after passwords or other credentials are changed.
Millions of school communications reportedly included
FulcrumSec also claims to have obtained approximately 9.4 million internal messages exchanged between parents, teachers, counselors, administrators, and school staff between 2006 and 2024.
The post alleges these communications contain discussions involving bullying incidents, disciplinary matters, medical issues, mental health concerns, harassment complaints, accident reports, salary disputes, and other sensitive matters involving students and employees.
The group published excerpts describing communications that allegedly referenced self-harm concerns, suicide disclosures, behavioral incidents, counseling discussions, and hospitalizations.
BreachNews is not reproducing any of the alleged communications due to the sensitive nature of the material and the involvement of minors.
Cloud infrastructure and credentials allegedly accessed
FulcrumSec claims the intrusion began in April 2026 after obtaining access to Global Schools Group’s AWS environment.
The group alleges it discovered dozens of S3 buckets, multiple Microsoft SQL Server instances, MongoDB databases, AWS Secrets Manager entries, source code repositories, and internal administrative systems.
Among the most serious allegations is a claim that 12,303 teacher and staff passwords were stored in plaintext. The group further alleges that nearly all of those accounts used the same password.
The post also claims access to 168 AWS Secrets Manager entries, cloud credentials, authentication keys, database connection strings, OAuth credentials, Twilio tokens, encryption keys, and source code repositories associated with GSG’s SmartLearn and MyGIIS platforms.
Transport, attendance and visitor records reportedly included
Beyond student records, FulcrumSec claims the data contains extensive operational information covering school transportation systems and campus activities.
The listing alleges exposure of more than 107,000 transport user records, 183,000 trip records containing GPS data, over 221 million attendance records, and nearly 23,000 visitor photographs collected across school campuses.
According to the group, the information could potentially reveal historical attendance patterns, transportation routes, pickup and drop-off locations, and other operational data associated with students and families.
The post also alleges the breach affected nearly 47,000 job applicant folders containing passport scans, visa documents, medical certificates, resumes, and other employment-related records.
Group cites alleged prior compromise
FulcrumSec further claims it discovered evidence suggesting Global Schools Group systems may have experienced an earlier compromise in 2022.
According to the post, MongoDB databases allegedly contained remnants of historical ransomware-related activity, including databases named after ransom notes. The group claims credentials associated with those systems had not been changed since that period.
BreachNews could not independently verify those allegations.
Verification remains outstanding
The claims made by FulcrumSec are extensive and, if verified, would represent one of the more significant education-sector data exposures reported this year due to the volume of student information, identity documents, internal communications, and employee records allegedly involved.
However, the breach claims currently rely primarily on evidence and descriptions supplied by the group itself. While the post contains detailed descriptions of purported datasets, cloud infrastructure, credentials, and internal records, independent verification remains outstanding.
At time of publication, Global Schools Group and its affiliated school brands had not issued any public statement addressing the allegations.
Readers concerned about potential exposure of personal information can review our guide on how to respond when you receive a data breach notification.
