Dubai-based Gems Education hit by cyber attack

Company has not confirmed whether any data breach occurred

DUBAI, UAE. February 17, 2015 - Stock photograph of students boarding their school buses after school at Gems Modern Academy in Dubai, February 17, 2015. (Photos by: Sarah Dea/The National, Story by: Roberta Pennington, News)
 *** Local Caption ***  SDEA170215-gemsmodernacademy21.JPG
Beta V.1.0 - Powered by automated translation

Gems Education, the largest education operator in the UAE, faced a cyber attack that had a minimal impact on the group’s operations, the company said on Thursday.

The company said an investigation was under way. It has not yet confirmed whether any personal or financial data has been breached.

“We became aware of a recent cyber security incident, at which time we immediately enacted our cyber security response plan. Thanks to our robust business continuity plans, impact to our operations has been minimal,” Dino Varkey, group chief executive of Gems Education, said in an email sent to parents.

“It may be some time before we can determine the full extent of the incident,” Mr Varkey said.

Started in 1959, Gems Education has more than 40 schools in the UAE, as well as schools in Saudi Arabia, Qatar, Europe, Africa, India, South-East Asia and North America.

Gems said it does not store the bank account details or credit card information of the families or guardians of its pupils. But it said some personal data could have been compromised.

That includes identification documents, financial information, such as payment history, and data related to creditworthiness, health or medical records, and log-in details, such as usernames and passwords.

The group has engaged third-party expertise and legal counsel to assist in its investigation.

“We have also notified the relevant authorities, including our education and data protection regulators and law enforcement. We are closely working with them and they continue to support us,” Mr Varkey said.

Cyber attacks have risen sharply in recent months, with a recent World Economic Forum report calling 2021 an “unprecedented year for cyber crime in terms of volume and severity”.

The cost of breaches amounted to an average of $3.6 million per incident for businesses alone, as companies rapidly digitised to ensure business continuity during the pandemic.

Overall, cyber criminal activities were projected to inflict damage worth about $6 trillion globally in 2021, a study by research company Cybersecurity Ventures found.

Message to parents

Gems has suggested a few guidelines and precautionary steps for parents to follow:

  • Be suspicious if anyone contacts you by email, phone call or text message asking you to confirm your personal data or financial details;
  • Change all your and your child’s passwords, including those for Gems accounts. Always use strong passwords and enable two-step authentication on all your online services;
  • Check bank accounts regularly and contact the bank if you see any transactions that you do not recognise.
Updated: February 25, 2022, 5:49 AM