GLOBAL Schools Group obtained two court injunctions in June 2026 hoping to stem the spread of data leaked by the threat actor FulcrumSec, but the orders have done little to stop the information from circulating online. The leak, first reported in April, exposed 4.8 terabytes of internal files and continues to fuel concerns over privacy and security for tens of thousands of students and staff.
The breach saw attackers exfiltrate 4.8 TB of data, including 33,088 passport numbers, 9.4 million internal messages, plaintext passwords for teaching staff and a range of confidential operational documents. No CVE identifiers have been associated with the intrusion, indicating the compromise likely stemmed from compromised credentials or misconfigured services rather than a software vulnerability.
In response, GSG secured an ad-interim injunction from the High Court of Bombay on 12 June 2026 and a similar order from a Singapore court the following day. Both orders aimed to bar FulcrumSec and associated parties from publishing or distributing the stolen information, yet the group said it was unaware of the Bombay ruling and vowed to continue its activities.
Legal commentators warned that the injunctions risked overreach, potentially limiting legitimate reporting and raising questions about the balance between privacy protections and freedom of the press. Despite the court orders, samples of the leaked data have persisted on forums