Skip to content

Incidents in sector:

Education

EspionageContained

UNC6508 PRC-nexus medical & defense research espionage campaign

Google's Threat Intelligence Group disclosed that PRC-nexus actor UNC6508 spent more than a year inside U.S. and Canadian medical, academic and military-health research environments, compromising legacy REDCap servers, deploying custom INFINITERED malware and abusing Google Workspace email compliance rules to silently exfiltrate research and defense data.

Victim
U.S. and Canadian medical, academic and military-health research institutions
Data breachOngoing

FulcrumSec leaks Global Schools Foundation data, exposing 33,000+ children's and parents' passports

The extortion group FulcrumSec claimed it stole roughly 4.8 terabytes of data from Singapore-based Global Schools Foundation after exploiting database credentials left unchanged since a 2022 breach, leaking 33,088 passport numbers belonging to children and parents and around 9.4 million internal messages when ransom negotiations collapsed.

Victim
Global Schools Foundation
Data breachRansom paid

Instructure Canvas LMS ShinyHunters breach (2026)

ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools β€” names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.

Victim
Instructure (Canvas LMS)
Loss
$10.0M
Records
275.0M
Data breachContained

UniversitΓ© Aix-Marseille: an internal data leak targeting students and staff

On 22 April 2026 the group LunarisSec claimed a data leak from France's UniversitΓ© Aix-Marseille, posting screenshots of internal user lists with names, institutional emails and profile data for students, doctoral candidates, interns and staff; the university cut its network and said systems and data integrity were preserved.

Victim
UniversitΓ© Aix-Marseille
Supply chainOngoing

Leak at IAE Grenoble (via AlumnForce)

In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

Victim
IAE Grenoble
Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions β€” including names, emails, phone numbers, locations, career history and education details β€” now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora β€” the University of Lille's alumni network β€” saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora
Data breachResolved

McGraw Hill data breach (2026)

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform".

Victim
McGraw Hill
Records
13.5M
Data breachUnknown

Leak at GDQuest

On 30 March 2026, a database from GDQuest β€” a French e-learning platform for the Godot game engine β€” surfaced on a hacking forum, exposing learners' email addresses, usernames/account slugs and the titles and prices of purchased courses.

Victim
GDQuest
Data breachUnknown

Leak at Pronote

A claimed leak of Pronote login credentials (email addresses and passwords) belonging to French students and parents was reported circulating for sale on the dark web; publisher Index Education stated its own systems were not breached, the credentials stemming from phishing and account theft.

Victim
Pronote
Data breachContained

Leak at ESPCI

In late February 2026, ESPCI Paris (a PSL University engineering and research school) disclosed that an access-control flaw let unidentified actors harvest its internal directory, exposing identity and contact details of students, staff and external personnel; passwords were not affected.

Victim
ESPCI
Data breachUnknown

21,647 people affected by a data leak at Inria

Disclosed on 31 January 2026, a confirmed data leak at France's Inria research institute exposed personal records of about 21,647 staff and collaborators from Inria, IRISA and partner research units, including names, dates of birth, postal addresses and household details.

Victim
Inria (Institut National de Recherche en Informatique et en Automatique)
Records
21.6K
Data breachContained

Leak at Code Rousseau

In late January 2026, French driving-education company Codes Rousseau disclosed unauthorized access to its Easysystème platform, exposing learner identity and contact details, ID photos, signatures and NEPH driving-licence numbers; ~30,000 records were later put up for sale.

Victim
Code Rousseau
Data breachUnknown

Leak at Le CNAM

A dataset tied to the Conservatoire National des Arts et MΓ©tiers (CNAM), the French public higher-education institution, was reported leaked around 28 January 2026, exposing personal records for roughly 10,000 people including names, contact details, dates of birth and job information.

Victim
Le CNAM
Data breachUnknown

Data leak at UGSEL

On 28 January 2026, a dataset exposing personal details of roughly 600 students linked to UGSEL β€” the French Catholic-schools sports federation β€” surfaced online, including names, gender, dates of birth and class/category information.

Victim
UGSEL
Data breachUnknown

Leak at Sciences Po

On 25 January 2026, a SQL dump of internal databases belonging to Sciences Po β€” the Paris Institute of Political Studies β€” surfaced online, exposing data held by the higher-education institution as part of a broader wave of French data leaks that month.

Victim
Sciences Po
Data breachContained

Claimed leak at Γ‰cole nationale supΓ©rieure d'arts et mΓ©tiers (volume not specified)

On 21 January 2026, French engineering grande Γ©cole ENSAM (Arts et MΓ©tiers) disclosed a personal-data breach resulting from external malicious activity, exposing students' names, social security numbers, scholarship decisions and amounts, and work-stoppage dates; the total volume was not specified.

Victim
Γ‰cole nationale supΓ©rieure d'arts et mΓ©tiers (ENSAM)
Data breachContained

Leak at ENSAM

ENSAM, a French public engineering school (Arts et MΓ©tiers), reported a data breach caused by a malicious external act, exposing students' names, social security numbers, scholarship award decisions and amounts, and sick-leave dates.

Victim
ENSAM
Data breachContained

Leak at Info Jeunes Bourgogne Franche-ComtΓ©

In January 2026, Info Jeunes Bourgogne Franche-ComtΓ©, the regional youth information service running the Carte Avantages Jeunes, had identity data on some 282,906 cardholders stolen and offered for sale on the dark web; exposed fields were limited to identification and contact details.

Victim
Info Jeunes Bourgogne Franche-ComtΓ©
Records
282.9K
Data breachContained

Data leak at AgroParisTech

In January 2026, AgroParisTech β€” France's leading graduate school of agronomy and life sciences β€” suffered a cyberattack in which an intruder claimed to have exfiltrated around 211 GB of data, exposing HR and personal records of staff, students and external contributors.

Victim
AgroParisTech
Data breachOngoing

Data leak at UniversitΓ© de Lille

On 29 December 2025, a record of 7,244 UniversitΓ© de Lille students β€” reportedly from an IUT Informatique internship database β€” was posted on BreachForums by an actor using the LAPSUS$ name, exposing names, dates of birth, postal addresses, emails and phone numbers.

Victim
UniversitΓ© de Lille
Records
7.2K
Data breachResolved

WhiteDate data breach (2025)

In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ.

Victim
WhiteDate
Records
20.4K
Data breachOngoing

Leak at Allegro Musique

On 28 December 2025, a database of 161,412 members of French at-home music-lesson provider Allegro Musique was leaked, exposing names, postal addresses, emails, phone numbers, social security numbers and registration details.

Victim
Allegro Musique
Records
161.4K
Data breachResolved

University of Pennsylvania data breach (2025)

In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims.

Victim
University of Pennsylvania
Records
623.8K
RansomwareOngoing

Leak at Hauts-de-France high schools

Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

Victim
Hauts-de-France high schools
Data breachUnknown

Leak at Centrale Nantes

On 26 March 2025, internal data from Centrale Nantes, a French public engineering grande Γ©cole, was reported leaked, including private reports and projects, user logins with password hashes, source code, and administrative documents.

Victim
Centrale Nantes
Data breachUnknown

Leak at Γ‰cole Nationale de la SΓ©curitΓ©

Disclosed on 28 February 2025, a data breach at France's Γ‰cole Nationale de la SΓ©curitΓ©, a private-security and VTC training school, exposed the personal records of roughly 30,000 trainees, including national ID numbers, social security numbers, VTC licence numbers and contact details.

Victim
Γ‰cole Nationale de la SΓ©curitΓ©
Records
30.0K
Data breachResolved

The Real World data breach (2024)

In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University" suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.

Victim
The Real World
Records
324.4K
Data breachResolved

PoinCampus data breach (2024)

In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth.

Victim
PoinCampus
Records
89.1K
Data breachContained

Leak at Ornikar

In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.

Victim
Ornikar
Records
4.2M
Data breachResolved

Sphero data breach (2023)

In September 2023, over 1M rows of data from the educational robots company Sphero was posted to a popular hacking forum. The data contained 832k unique email addresses alongside names, usernames, dates of birth and geographic locations.

Victim
Sphero
Records
832.3K
DDoSResolved

Greek school-exam system DDoS attack

A massive multi-day DDoS attack on Greece's 'Subject Bank' (Trapeza Thematon) high-school exam platform disrupted nationwide exams with up to 280,000 connections per second and 165 million hits from 114 countries, the largest attack on a Greek public body.

Victim
Greek Ministry of Education (Subject Bank / Trapeza Thematon)
Data breachResolved

TheGradCafe data breach (2023)

In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes.

Victim
TheGradCafe
Records
311.0K
Data breachResolved

Liker data breach (2021)

In March 2021, the self-proclaimed "kinder, smarter social network" Liker suffered a data breach, allegedly in retaliation for the Gab data breach and scraping of data from Parler.

Victim
Liker
Records
465.1K
Data breachResolved

University of California data breach (2020)

In December 2020, the University of California suffered a data breach due to vulnerability in in a third-party provider, Accellion. The breach exposed extensive personal data on both students and staff including 547 thousand unique email addresses, names, dates of birth, genders, social security…

Victim
University of California
Records
547.4K
Data breachResolved

ProctorU data breach (2020)

In June 2020, the online exam service ProctorU suffered a data breach which was subsequently shared extensively across online hacking communities. The breach contained 444k user records including names, email and physical addresses, phones numbers and passwords stored as bcrypt hashes.

Victim
ProctorU
Records
444.5K
RansomwareRansom paid

Maastricht University Clop ransomware (Netherlands, 2019)

TA505 used Clop ransomware to encrypt 267 Maastricht University servers over Christmas 2019 after two phishing emails on 15–16 October had compromised the network. The university paid 30 BTC (~$220,000). The ransom Bitcoin β€” later seized from a money mule β€” was returned and had appreciated, leaving the university ahead by ~$300,000.

Victim
Maastricht University
Loss
$220.0K
Data breachResolved

TaiLieu data breach (2019)

In November 2019, the Vietnamese education website TaiLieu allegedly suffered a data breach exposing 7.3M customer records. Impacted data included names and usernames, email addresses, dates of birth, genders and passwords stored as unsalted MD5 hashes.

Victim
TaiLieu
Records
7.3M
EspionageResolved

Australian National University data breach

A sophisticated, likely state-sponsored actor breached the Australian National University's administrative systems in late 2018, exfiltrating up to 19 years of staff and student records in an intrusion praised by ANU's own report for its extraordinary operational security.

Victim
Australian National University
Records
200.0K
Data breachResolved

GameSalad data breach (2019)

In February 2019, the education and game creation website Game Salad suffered a data breach. The incident impacted 1.5M accounts and exposed email addresses, usernames, IP addresses and passwords stored as SHA-256 hashes.

Victim
GameSalad
Records
1.5M
Data breachResolved

Youthmanual data breach (2019)

In January 2019, the Indonesian college and career platform Youthmanual suffered a data breach that exposed 1.1M records of data. The breached included 938k unique email addresses along with extensive personal information including names, genders, dates and places of birth, phone numbers, physical…

Victim
Youthmanual
Records
937.9K
Data breachResolved

Florida Virtual School data breach (2018)

In March 2018, the Florida Virtual School (FLVS) posted a data breach notification to their website. The school had identified a data breach which had occurred sometime between 6 May 2016 and 12 Feb 2018 and an XML file containing 368k student records was subsequently found circulating.

Victim
Florida Virtual School
Records
542.9K
Data breachResolved

Edmodo data breach (2017)

In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available.

Victim
Edmodo
Records
43.4M
Insider threatResolved

Benesse insider data breach

A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers β€” the largest insider data theft in Japanese history, triggering a Β₯20 billion compensation programme.

Victim
Benesse Holdings
Loss
$190.0M
Records
35.0M