The Fraunhofer Institute for Industrial Engineering IAO (Fraunhofer IAO), based in Stuttgart, Germany, has disclosed that its systems were targeted in a ransomware attack on 27 December 2024. The breach affected specific systems and data, although the complete scope of the incident remains under investigation.
Fraunhofer IAO issued a statement confirming the attack, describing it as a localised event restricted to its operations. “Fraunhofer regrets the incident and has responded comprehensively,” the German research institution stated. It has engaged IT security experts and relevant authorities to examine the incident and implement corrective measures.
The institute claimed that it has taken steps to prevent further impact, including enhanced monitoring and precautionary actions. It noted that additional safeguards are being implemented to minimise the risk of similar incidents in the future. “Fraunhofer is doing everything it can to ensure that such incidents do not happen again,” the statement added.
The breach has prompted concerns about unauthorised access to personal data. While Fraunhofer IAO generally processes research data in formats that do not directly identify individuals, the possibility of some data being exposed to third parties without consent cannot be ruled out. The institute acknowledged that, in certain cases, this could result in disadvantages for affected individuals.
Fraunhofer IAO has given assurances that it will notify individuals if there is evidence of unauthorised access to their data. The organisation reported the incident to the Bavarian State Office for Data Protection within the legally required timeframe. It also informed police and security agencies immediately after the attack was identified.
The investigation is ongoing, with experts working to determine the full extent of the breach and implement measures to reinforce the institute’s cybersecurity framework. Fraunhofer IAO is monitoring developments closely and collaborating with authorities to resolve the situation effectively.
Fraunhofer IAO and its parent organisation, Fraunhofer-Gesellschaft, have faced cyber incidents in the past. In August 2022, a significant data breach affected Fraunhofer-Gesellschaft, leading to the exposure of approximately 320.8GB of data. The breach was attributed to the threat actor IndustrialSpy.
To address growing cybersecurity threats, Fraunhofer IAO has undertaken several initiatives. In December 2019, it launched the AIRPoRT (Artificial Intelligence for Robotics and Connected Manufacturing) project, designed to improve IT security in manufacturing environments through automated processes and artificial intelligence.
Additionally, in October 2020, Fraunhofer IAO collaborated with partners to establish the Transferstelle IT-Sicherheit im Mittelstand (TISiM), a nationwide support programme aimed at helping small and medium-sized enterprises protect against cyber threats such as malware, data theft, and hacking attempts. These measures reflect Fraunhofer IAO’s ongoing commitment to enhancing cybersecurity across various sectors.
Research institutions targeted by rising cyberattacks
Research institutions like Fraunhofer IAO have increasingly been targeted by cyberattacks, with several notable incidents affecting similar organisations in recent years.
In August 2024, the University of Paris-Saclay in France suffered a ransomware attack claimed by the group RansomHouse. The attackers alleged that they had stolen 1TB of data, including sensitive application records for master’s programmes. The breach caused significant disruptions to IT systems, particularly impacting the start of the September academic term.
In another incident, Idaho National Laboratory in the US faced a cyberattack in November 2023. The breach targeted its Oracle HR system, resulting in the compromise of employee personal data. The attackers reportedly made unconventional ransom demands, reflecting the growing sophistication of cyber threats targeting research and academic institutions.