Vikaasa, Harrods International Academy and Dwight School Seoul: Data analysis of the Global Schools Group breach, Part 1

Vikaasa, Harrods International Academy and Dwight School Seoul: Data analysis of the Global Schools Group breach, Part 1

Global Schools Group Data Breach Exposes Sensitive Data of 183,000+ Users Across 12 Brands

A massive data breach at Global Schools Group (GSG), a multinational K-12 education network, has exposed the personal and sensitive information of over 183,000 students, parents, and staff across 12 school brands and 60+ campuses in 10 countries. The breach, first reported on June 12, was carried out by the threat actor FulcrumSec, which leaked the data and later provided detailed findings to DataBreaches.

Scope of the Breach

GSG operates a centralized AWS database shared across all its brands, meaning the breach affected every school in its network. The compromised data includes:

  • 183,164 user accounts (83,132 students, 88,856 parents, 11,176 staff)
  • 35,938 student enrollment records containing passport numbers, government IDs (Aadhaar, NRIC, Emirates ID), and family PII
  • 9.4 million internal messages (2006–2024), including medical and disciplinary disclosures
  • 8.6 million attendance records
  • 122,862 Twilio SMS messages
  • 112 source code repositories and 168 AWS secrets
  • 46,901 job applicant folders with ID document scans
  • 11,176 staff password hashes (SHA-256)

Affected Brands & Data Exposure

While all 12 GSG brands were impacted, Global Indian International School (GIIS) the group’s flagship brand suffered the deepest exposure, including:

  • ~33,000 passport numbers (students, parents)
  • 23,856+ government IDs (Aadhaar, NRIC, Emirates ID)
  • 9.4 million internal messages (including medical and counseling records)
  • 626,000 email attachments

Other affected brands include:

  • One World International School (OWIS) – Exposed 9,000+ student/parent records (names, DOB, addresses, password hashes) and 5,896 messages.
  • Glendale Academy4,800+ records with Aadhaar numbers and 512 internal messages.
  • Additional brands (Vikaasa, Harrods, CIS Manila, Dwight Seoul, etc.) also had account-level data compromised.

Geographic Impact

The breach spans 10 countries, with the highest exposure in:

  • Singapore (GIIS, OWIS)
  • India (GIIS, Glendale, Vikaasa, Global/Witty)
  • UAE (GIIS Abu Dhabi/Dubai, Glendale Dubai)
  • Japan, Malaysia, Cambodia, Philippines, South Korea, Saudi Arabia, UK

Student nationalities in the data span 66 countries, indicating a truly global impact.

How the Breach Occurred

FulcrumSec accessed the data through compromised credentials tied to GSG’s shared AWS infrastructure. The threat actor used AI-assisted crawling to extract records, though some minor errors in deduplication may exist.

A second report will provide further details on the remaining affected brands.

Source: https://databreaches.net/2026/06/18/data-analysis-of-the-global-schools-group-breach-part-1/

Vikaasa Group of Schools cybersecurity rating report: https://www.rankiteo.com/company/vikaasa-global-of-schools

Harrods Language & International Schools cybersecurity rating report: https://www.rankiteo.com/company/harrodsschools

Dwight Global Online School cybersecurity rating report: https://www.rankiteo.com/company/dwight-global-online-school

"id": "VIKHARDWI1781800805",
"linkid": "vikaasa-global-of-schools, harrodsschools, dwight-global-online-school",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '~33,000 passport numbers, '
                                              '23,856+ government IDs, 9.4 '
                                              'million internal messages, '
                                              '626,000 email attachments',
                        'industry': 'K-12 Education',
                        'location': 'Singapore, India, UAE, Japan, Malaysia, '
                                    'Cambodia, Philippines, South Korea, Saudi '
                                    'Arabia, UK',
                        'name': 'Global Indian International School (GIIS)',
                        'size': 'Flagship brand of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': '9,000+ student/parent records, '
                                              '5,896 messages',
                        'industry': 'K-12 Education',
                        'location': 'Singapore',
                        'name': 'One World International School (OWIS)',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': '4,800+ records with Aadhaar '
                                              'numbers, 512 internal messages',
                        'industry': 'K-12 Education',
                        'location': 'India, UAE',
                        'name': 'Glendale Academy',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': 'Account-level data compromised',
                        'industry': 'K-12 Education',
                        'location': 'India',
                        'name': 'Vikaasa',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': 'Account-level data compromised',
                        'industry': 'K-12 Education',
                        'name': 'Harrods International Academy',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': 'Account-level data compromised',
                        'industry': 'K-12 Education',
                        'location': 'Philippines',
                        'name': 'CIS Manila',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': 'Account-level data compromised',
                        'industry': 'K-12 Education',
                        'location': 'South Korea',
                        'name': 'Dwight Seoul',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'},
                       {'customers_affected': 'Account-level data compromised',
                        'industry': 'K-12 Education',
                        'location': 'India',
                        'name': 'Global/Witty International School',
                        'size': 'Part of Global Schools Group',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Compromised credentials',
 'data_breach': {'data_encryption': 'Password hashes (SHA-256), but other data '
                                    'unencrypted',
                 'data_exfiltration': 'Yes (by FulcrumSec)',
                 'file_types_exposed': 'Email attachments, ID document scans, '
                                       'source code, internal messages',
                 'number_of_records_exposed': '183,164 user accounts, 35,938 '
                                              'student enrollment records, 9.4 '
                                              'million internal messages, 8.6 '
                                              'million attendance records, '
                                              '122,862 Twilio SMS messages, '
                                              '46,901 job applicant folders',
                 'personally_identifiable_information': 'Yes (names, DOB, '
                                                        'addresses, passport '
                                                        'numbers, government '
                                                        'IDs)',
                 'sensitivity_of_data': 'High (government IDs, medical '
                                        'records, disciplinary records, '
                                        'password hashes)',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Passport numbers',
                                              'Government IDs (Aadhaar, NRIC, '
                                              'Emirates ID)',
                                              'Medical records',
                                              'Disciplinary records',
                                              'Internal messages',
                                              'Attendance records',
                                              'Twilio SMS messages',
                                              'Source code repositories',
                                              'AWS secrets',
                                              'Job applicant folders with ID '
                                              'scans',
                                              'Staff password hashes '
                                              '(SHA-256)']},
 'date_detected': '2024-06-12',
 'date_publicly_disclosed': '2024-06-12',
 'description': 'A massive data breach at Global Schools Group (GSG), a '
                'multinational K-12 education network, has exposed the '
                'personal and sensitive information of over 183,000 students, '
                'parents, and staff across 12 school brands and 60+ campuses '
                'in 10 countries. The breach was carried out by the threat '
                'actor FulcrumSec, which leaked the data and later provided '
                'detailed findings to DataBreaches.',
 'impact': {'brand_reputation_impact': 'Severe reputational damage to Global '
                                       'Schools Group and its 12 brands',
            'data_compromised': '183,164 user accounts, 35,938 student '
                                'enrollment records, 9.4 million internal '
                                'messages, 8.6 million attendance records, '
                                '122,862 Twilio SMS messages, 112 source code '
                                'repositories, 168 AWS secrets, 46,901 job '
                                'applicant folders, 11,176 staff password '
                                'hashes',
            'identity_theft_risk': 'High (exposure of passport numbers, '
                                   'government IDs, PII)',
            'operational_impact': 'Exposure of sensitive student, parent, and '
                                  'staff data across 12 brands',
            'systems_affected': 'AWS database, centralized school management '
                                'system'},
 'initial_access_broker': {'entry_point': 'Compromised credentials tied to '
                                          'shared AWS infrastructure'},
 'investigation_status': 'Ongoing (second report pending)',
 'post_incident_analysis': {'root_causes': 'Shared AWS infrastructure '
                                           'misconfiguration, lack of proper '
                                           'access controls'},
 'references': [{'source': 'DataBreaches'}],
 'threat_actor': 'FulcrumSec',
 'title': 'Global Schools Group Data Breach Exposes Sensitive Data of 183,000+ '
          'Users Across 12 Brands',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Shared AWS infrastructure misconfiguration'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.