Ransomware victim disclosure
← All victimsGFZ Helmholtz Centre for Geosciences
Claimed by Fog · listed 1 year ago
Status timeline
- ListedFeb 4, 2025
- Data leakeddate unknown
At a glance
- Group
- Fog
- Status
- Data leaked
- Country
- Germany
- Sector
- Public Sector
- Listed on leak site
- Feb 4, 2025
About the victim
AI dossier — public-source company profileGFZ Helmholtz Centre for Geosciences is Germany's national research centre for studying the solid Earth. It conducts fundamental research in geophysics, geochemistry, geodesy, and geosystems, with infrastructure including satellite systems, global monitoring networks, regional observatories, and laboratories. Located in Potsdam, it is part of the Helmholtz Association.
- Industry
- Scientific Research & Geosciences
- Address
- Potsdam, Germany
- Employees
- 500-1000
- Founded
- 1992
Attack summary
Severity: medium — Public sector research institution with confirmed data publication claim; sensitive data at scale (personnel, research, institutional) is likely, but no specific proof files quantified and no operational disruption confirmed. Exfiltration confirmed by disclosure status.The Fog group claims to have exfiltrated data from GFZ Helmholtz Centre. The leak post lists the institution alongside other victims (PT. ITPRENEUR INDONESIA TECHNOLOGY and LUA Coffee) without detailing specific data types or operational impact.
Data the group says was taken
AI dossier — extracted from the leak post- Research data
- Scientific publications
- Internal communications
- Personnel records
What the group claims
Extract from Gitlabs: PT. ITPRENEUR INDONESIA TECHNOLOGY, GFZ Helmholtz Centre for Geosciences, LUA Coffee
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

