PCF Sparkletots Investigates Potential Data Breach Involving Vendor LittleLives
Singapore’s Personal Data Protection Commission (PDPC) is probing a potential data breach at PCF Sparkletots, a pre-school under the PAP Community Foundation, after its vendor, LittleLives, reported unauthorized access to a portion of the school’s pupil management system.
In a June 1 letter to parents and guardians, PCF Sparkletots confirmed the incident, stating that personal data including pupil names, identification details, class information, parent/guardian contact details, and invoice-related records may have been exposed. The school clarified that while the unauthorized access has been contained, investigations are ongoing to determine whether any data was viewed, downloaded, or misused.
PCF Sparkletots has filed reports with the PDPC and police, and is coordinating with the Early Childhood Development Agency (ECDA). The school has not disclosed when the breach occurred or who was responsible. Parents seeking updates were directed to contact PCF Sparkletots via email.
A spokesperson for PCF Sparkletots emphasized the organization’s commitment to data protection, noting that security measures will be strengthened as part of the investigation. The PDPC has acknowledged the incident and is conducting its own review. Authorities, including the Cyber Security Agency of Singapore, have been contacted for further details.
LittleLives TPRM report: https://www.rankiteo.com/company/littlelives
PCF Sparkletots TPRM report: https://www.rankiteo.com/company/pcf-sg
"id": "pcflit1780412041",
"linkid": "pcf-sg, littlelives",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Pupils and their '
'parents/guardians',
'industry': 'Education',
'location': 'Singapore',
'name': 'PCF Sparkletots',
'type': 'Pre-school'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Parents and guardians notified via letter and email',
'data_breach': {'personally_identifiable_information': 'Pupil names, '
'identification '
'details, '
'parent/guardian '
'contact details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal data'},
'date_publicly_disclosed': '2024-06-01',
'description': 'Singapore’s Personal Data Protection Commission (PDPC) is '
'probing a potential data breach at PCF Sparkletots, a '
'pre-school under the PAP Community Foundation, after its '
'vendor, LittleLives, reported unauthorized access to a '
'portion of the school’s pupil management system. Personal '
'data including pupil names, identification details, class '
'information, parent/guardian contact details, and '
'invoice-related records may have been exposed.',
'impact': {'data_compromised': 'Pupil names, identification details, class '
'information, parent/guardian contact details, '
'invoice-related records',
'identity_theft_risk': 'High',
'systems_affected': 'Pupil management system'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Security measures will be '
'strengthened'},
'recommendations': 'Strengthen security measures',
'references': [{'source': 'PCF Sparkletots letter to parents and guardians'}],
'regulatory_compliance': {'regulatory_notifications': 'Report filed with '
'PDPC'},
'response': {'communication_strategy': 'Letter to parents and guardians, '
'email contact for updates',
'containment_measures': 'Unauthorized access contained',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes'},
'stakeholder_advisories': 'Parents and guardians advised to contact PCF '
'Sparkletots for updates',
'title': 'PCF Sparkletots Potential Data Breach Involving Vendor LittleLives',
'type': 'Data Breach'}