Massive Data Breach at Doha British School
07.11.2025

In this week’s digest, we’ll look at an incident that could become one of the largest data leaks ever reported among educational institutions in the Middle East. Hackers claim to possess 481 GB of data, including financial and personal records, and are threatening to release it publicly.

News about a major security incident is coming from Qatar. A ransomware gang posted an announcement about a claimed breach of Doha British School, one of the most prestigious educational organizations in Qatar. It operates three campuses: Ain Khalid, Al Wakra, and Rawdat Al Hamama.

Allegedly, criminals exfiltrated about 481 GB of internal data from the private school’s servers. To reinforce their claims, the attackers included screenshots in the announcement, such as marketing materials and images of internal school documents. The ransomware gang tried to push the school administration into negotiations by threatening to publish more stolen documents. That’s a common double-extortion strategy.

The criminals made big claims about the exfiltrated information. According to the announcement, they stole almost 219,000 files, which include financial and personal records. However, no independent researchers have verified the criminals’ claims.

At the same time, Doha British School hasn’t made any public statement on the incident. Thus, the validity of the claims is yet to be verified.

In the worst-case scenario, this incident could top the list of the largest security incidents in the education sector in the Middle East region. If the criminals’ claims are true, this leak could potentially expose such sensitive data as:

  • Student roster
  • Employee contracts
  • Financial records
  • Tuition data.

It’s too early to make unambiguous statements on this incident. Time will tell whose claims are closer to reality. Under Qatar’s Personal Data Privacy Protection Law of 2016, businesses and other legal entities must notify authorities about leaks of personal information.


Educational institutions have become prime targets for cybercriminals because they hold vast amounts of sensitive information, from personal data on students and staff to academic records, certificates, and financial details. All of this data carries significant value for attackers.

To protect sensitive and confidential records, the SearchInform team has developed Risk Monitor, an internal threat protection platform. It is a single-agent solution with advanced capabilities, which is easy to operate and can be deployed swiftly in the cloud or on Windows- and Linux-operated workstations. Risk Monitor ensures complete 360-degree protection against internal threats.

Risk Monitor is a step forward in terms of security: in-built security policies and reporting templates allow for enhanced configuration of the DLP solution and reporting process. The system can be deployed in under one week and provides immediate results within the first month of work.

