HomeNewsBreachesAbout
Account

Ransomware group claims breach at prestigious Doha British School in Qatar

DataBreach.com Team · · October 26th 2025, 8:45 am EDT

Ransomware group claims breach at prestigious Doha British School in Qatar

A ransomware group has claimed responsibility for a cyberattack on Doha British School, one of Qatar’s most prestigious international schools, saying it stole nearly 219,000 files containing staff and student information.

The Qilin ransomware operation listed the school on its dark-web site on October 24 and said 481 gigabytes of internal data were “ready to be published,” according to a posting on a leak-monitoring site. Screenshots shared by the attackers appear to show the school’s logo and marketing materials. Doha British School has not publicly commented on the incident.

An Arabic-language cybersecurity researcher,
Abdulrahman Alamri, shared screenshots on X showing the same leak-site page and images purportedly of internal school documents. In his post, he said Qilin claimed to have accessed the school’s internal system and uploaded financial, employee and student files as proof of compromise. The researcher noted that, as of publication, no independent confirmation had verified the authenticity of those materials.

Information published on the group’s portal and reviewed by DataBreach.com indicates that the listing includes 218,992 files attributed to the school and warns that financial and personal records will be released if negotiations fail. No sample archive has been posted and the material could not be independently verified. The same claim was also flagged by security researchers and remains visible on tracking databases.

Doha British School operates campuses in Ain Khalid, Al Wakra and Rawdat Al Hamama, serving students aged three to 18 under the British National and International Baccalaureate curricula. The school reports an enrolment drawn from more than 85 nationalities and annual tuition fees reaching about QAR 69,000 (USD 19,000), placing it among Qatar’s higher-tier private institutions.

Qilin, an English-language ransomware group active since 2022, has claimed dozens of victims across the education, healthcare and industrial sectors. Researchers describe it as a double-extortion operation that steals data before encrypting systems, publishing portions of the stolen files to pressure victims into paying.

If confirmed, the Doha British School incident would rank among the largest education-sector breaches reported in the Middle East by file volume. Metadata suggests the trove may include student rosters, employee contracts, payroll records and tuition data, though the contents remain unverified. Under Qatar’s Personal Data Privacy Protection Law of 2016, organizations must notify authorities of breaches that compromise personal information.

As of Sunday, the school’s website remained online and classes appeared to continue normally. No statement has been issued by school officials, and the Qilin listing remained accessible without a visible ransom note. DataBreach.com will update this report if further information becomes available from the institution, Qatari authorities or the ransomware group.

For media inquiries, contact us at contact@databreach.com