Ransomware victim disclosure
← All victimsOral Roberts University
listed as ORU Mabee Center · Claimed by Rhysida · listed 1 year ago
Status timeline
- ListedJan 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Rhysida
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Jan 24, 2025
About the victim
AI dossier — public-source company profileOral Roberts University is a Christian liberal arts university located in Tulsa, Oklahoma, offering undergraduate, graduate, and online programs across colleges including business, engineering, health sciences, theology, and nursing. The institution emphasizes 'whole person' education and develops leaders through a spirit-empowered educational model.
- Industry
- Higher Education - Christian University
- Address
- 7777 South Lewis Ave., Tulsa, Oklahoma 74171
- Founded
- 1963
Attack summary
Severity: medium — Data published status indicates exfiltration occurred, but no proof files are shown, no data inventory is detailed, and no specific sensitive data categories are confirmed. Educational institutions typically hold PII (student records, financial aid data) which elevates concern, but without confirmation of what was taken, severity remains medium.Rhysida claims to have attacked ORU. The leak post provides no details about the nature of the attack (encryption, exfiltration, or both) or what data may have been compromised.
What the group claims
ORU Mabee Center ORU is a liberal arts university with programs for every interest, from business and biology to engineering, computer science, nursing, criminal justice, theology and ministry, and more! More
Sources
- Victim siteoru.edu
- Leak postarchive.php?company=158
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

