Ransomware victim disclosure
← All victimsOber Gatlinburg
listed as Ober Mountain (OberGatlinburg.com) · Claimed by Fog · listed 2 years ago
Status timeline
- ListedDec 26, 2024
- Data leakeddate unknown
At a glance
- Group
- Fog
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- Dec 26, 2024
- Data size
- 14.3 GB
About the victim
AI dossier — public-source company profileOber Gatlinburg is a year-round adventure park and ski area located on a mountaintop above Gatlinburg, Tennessee. It operates seasonal attractions including skiing, zip-lining, bobsled, tubing, archery, disc golf, and ice skating, with dining and retail facilities. The facility serves family tourists visiting the Smoky Mountains.
- Industry
- Hospitality and Tourism — Ski Area & Adventure Park
- Address
- 1001 Parkway, Gatlinburg, TN 37738
Attack summary
Severity: medium — Confirmed exfiltration of 14.3 GB from a hospitality business that processes customer bookings and payment data; however, the leak post is minimal and provides no proof files or specifics on data contents. Data likely includes PII (customer/employee records, payment info) typical of hospitality operations, warranting medium severity in the absence of evidence of sensitive regulated data.The Fog group claims to have exfiltrated 14.3 GB of data from Ober Gatlinburg. The post provides no detail on the type of data compromised or operational impact.
Data the group says was taken
AI dossier — extracted from the leak post- Customer personal information
- Employee records
- Financial data
- Operational systems
What the group claims
14.3 GB
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

