PDPC to investigate cybersecurity incident at Global Schools Group

The Personal Data Protection Commission (PDPC) in Singapore announced on June 10 it will investigate a cybersecurity breach at Global Schools Group, which operates the Global Indian International School in Punggol. The incident allegedly involved the hacking group Fulcrum Sec, which claimed to have obtained 4.8 terabytes of sensitive data, including home addresses, passport numbers, salary details, and private correspondence belonging to students, parents, and staff. Global Schools Group confirmed the cybersecurity incident on June 11, stating it was addressed promptly with external specialists and that affected systems were restored. The group emphasized that all regulatory and law enforcement authorities were notified, and security remains a top priority. However, the total number of affected individuals has not been disclosed. Fulcrum Sec first surfaced in September 2025 and is known for targeting cloud-stored data, often demanding payment to prevent public leaks. According to threat intelligence platform FalconFeeds.io, the group is linked to at least 25 breaches, including attacks on Australian fintech firm YouX and American data analytics firm LexisNexis. The Cyber Security Agency of Singapore’s response team reached out to Global Schools Holdings to advise on securing its servers. The PDPC and other authorities are now assessing the breach’s scope and potential impact. Global Schools Group operates 64 campuses across 11 countries, with the Singapore campus located in Punggol. The incident underscores growing concerns over data security in educational institutions.