Ransomware victim disclosure
← All victimsInternational Community Schools (ICS)
listed as www.icschool-uae.com · Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedOct 23, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- United Arab Emirates
- Sector
- Education
- Listed on leak site
- Oct 23, 2023
About the victim
AI dossier — public-source company profileInternational Community Schools (ICS) is a private multi-branch school group based in Abu Dhabi, UAE, offering American, British, IB, AP, and MoE curricula from Pre-KG/FS1 through Grade 12/Year 13. The group operates seven branches across Abu Dhabi (Mushrif, Al Danah, Al Falah City, Khalifa City, Al Manhal, Al Maharat, and a Nursery) and serves students of multiple nationalities. ICS is a rapidly growing private education provider with a focus on holistic, high-quality learning environments.
- Industry
- Private K-12 Education
- Address
- Abu Dhabi, United Arab Emirates
Attack summary
Severity: high — The victim is a K-12 school holding sensitive PII for minors (students), parents, and staff across multiple campuses; 'data_published' status indicates actual data release by the threat actor, which in an educational context involving children's records meets the threshold for high severity, approaching critical given the vulnerable population involved.The NoEscape ransomware group listed ICS as a victim with a disclosed status of 'data_published', indicating data has been released; however, no leak post content was captured, so the specific nature of the claimed exfiltration or encryption and the categories of data at stake cannot be confirmed from available evidence.
Data the group says was taken
AI dossier — extracted from the leak post- Student records (likely)
- Parent/guardian personal information (likely)
- Staff/employee records (likely)
- Financial/admissions data (likely)
Sources
- Victim siteicschool-uae.com
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

