Fraunhofer IAO confirms ransomware attack, investigations ongoing

The Fraunhofer Institute for Industrial Engineering IAO (Fraunhofer IAO), a prominent research institution based in Stuttgart, Germany, has confirmed that it was the target of a ransomware attack on December 27, 2024. The incident, which affected specific systems and data, is under investigation, with the full extent of the breach yet to be determined.

 

In an official statement, Fraunhofer IAO described the attack as a localized event confined to its operations. The institute emphasized that it has engaged IT security experts and notified the relevant authorities to assess the incident and implement countermeasures. “Fraunhofer regrets the incident and has responded comprehensively,” the statement read.

 

Fraunhofer IAO has undertaken immediate steps to minimize the impact, including bolstering system monitoring and applying additional safeguards. The institute assured stakeholders that it is committed to preventing similar incidents in the future.

 

Although Fraunhofer IAO typically handles research data that does not directly identify individuals, the institution acknowledged the potential for unauthorized access to personal information. It assured affected individuals that they would be notified if evidence of data exposure was found. The attack was promptly reported to the Bavarian State Office for Data Protection, law enforcement, and security agencies.

 

The attack marks another challenge for Fraunhofer IAO and its parent organization, Fraunhofer-Gesellschaft, which has experienced prior cyber incidents. In August 2022, the Fraunhofer-Gesellschaft faced a breach attributed to the IndustrialSpy threat actor, exposing 320.8GB of data.

 

Recognizing the growing cybersecurity threats, Fraunhofer IAO has undertaken initiatives to strengthen IT security. Notably, in December 2019, it launched the AIRPoRT project to enhance cybersecurity in manufacturing environments through artificial intelligence. Additionally, in October 2020, it co-established TISiM, a program to support small and medium-sized enterprises in safeguarding against cyberattacks.