The University of Oklahoma (OU) has confirmed that unusual activity has been detected on its IT network following claims by the Fog ransomware group that it had infiltrated the university's systems. Fog, a relatively new player in the ransomware landscape, listed OU on its dark web leak site on January 14, 2025, claiming to have exfiltrated 91MB of data, including sensitive employee contact details, financial data, and even contact information for state senators.
In a statement to CyberInsider, OU acknowledged the suspicious activity, stating:
“The University recently identified unusual activity on our IT network. Upon discovery, we isolated certain systems and are investigating the matter. As part of this ongoing process, measures are being implemented across our network.”
The University of Oklahoma is a major public institution, serving over 28,000 students and employing approximately 12,000 faculty and staff across its campuses. It plays a vital role in the state's higher education system, generating over $1.5 billion in annual revenue. A breach at an institution of this size has the potential to impact thousands of individuals, including employees, students, and possibly third-party partners.
Fog claims to have exfiltrated data that includes:
- Employee contacts
- Financial documents such as audits, payment details, and reports
- Sensitive political data, including contact information for state senators
While the exact scope of the stolen data has not yet been confirmed by the University of Oklahoma, the threat group's leak site suggests that the university may face potential reputational and legal challenges if sensitive data is leaked or sold.
Fog is an emerging ransomware operator known for targeting entities with high-value data. Unlike larger groups such as LockBit or BlackCat, Fog primarily relies on smaller-scale operations but tends to target institutions where data leaks could have a significant political or social impact.
This incident marks the second time in less than a year that the University of Oklahoma has faced a ransomware-related breach. In 2024, the university was targeted by the Clop ransomware group through the exploitation of the MOVEit file transfer software zero-day vulnerability. That breach exposed sensitive personal and financial information, prompting significant fallout and investigations.
OU's response to the current breach has included isolating affected systems and implementing new security measures to mitigate further risks. However, the university has not disclosed whether any ransom demands have been made or paid.
If you work or study at the University of Oklahoma, or have done so in the past, it is recommended to monitor financial accounts for unusual transactions, change passwords for university-related accounts, and stay vigilant for phishing attempts.
ExpressVPN Adopts NIST-Approved Post-Quantum Encryption
Leave a Reply