A ransomware gang says it stole SSNs, credit cards and more from a Christian seminary in Kentucky

The Asbury Theological Seminary in Wilmore, Kentucky yesterday confirmed it notified 888 Texans and 55 Massachusettsans of a June 2024 data breach that compromised a trove of sensitive personal and financial info. More victims will likely be reported soon as other states disclose breach figures for their own residents.

The compromised data includes:

• Names
• Social Security numbers
• Credit and/or debit card numbers
• Security codes/PINs
• Bank account info
• Medical info
• Health insurance info
• Military ID numbers
• Passport numbers
• US alien registration numbers
• Driver’s license numbers
• Routing numbers
• Dates of birth

Ransomware gang Fog claimed responsibility for the breach on June 24, 2024, saying it stole more than 10 GB of data from the seminary.

Asbury Theological Seminary has not verified Fog’s claim. We do not yet know if Asbury paid a ransom, how much Fog demanded, or how attackers breached the seminary’s network. Comparitech contacted Asbury for comment and will update this article if it replies.

A July 2, 2024 announcement on the seminary’s website states, “Many of you have messaged us recently regarding technical difficulties on our sites. Broken links in the Link, inability to access Connect, and other inconveniences have been disrupting our community. The reason for all of this is that the seminary faced a network security incident several weeks ago. As a result, many of our affiliate sites had to be taken offline while necessary repairs occur.”

The seminary’s recent notice (PDF) to victims says, “[…] an unauthorized actor may have accessed and/or acquired certain files containing personal information between June 1, 2024, and June 6, 2024.”

Asbury is offering victims whose Social Security numbers were compromised free credit monitoring.

Who is Fog?

Fog is a ransomware gang that first started claiming attacks on its website in July 2024. It has a history of targeting US schools but is not limited to them. In addition to encrypting files, Fog also steals data and targets development environments.

In 2025 to date, Fog has claimed responsibility for seven confirmed attacks against schools:

• Asbury Theological Seminary
• Williamsburg-James City County Schools in Virginia
• University of Oklahoma
• Aurora Public Schools in Colorado
• University of Notre Dame Australia
• Saint George’s College in Chile
• University of Applied Sciences and Arts Northwestern FHNW in Switzerland

Fog has claimed 17 confirmed ransomware attacks in total, plus another 156 unconfirmed claims that haven’t been acknowledged by the targeted organizations.

The majority of Fog’s attacks in 2025 are linked to an alleged GitLab-related source code leak, which threatens the development environments of many organizations.

Ransomware attacks on US education

Comparitech researchers logged nine confirmed ransomware attacks against US schools, colleges, and other educational institutions in 2025 so far.

In 2024, we recorded 71 confirmed ransomware attacks on US schools and colleges. These affected nearly 1.83 million records and came with an average ransom demand of just over $908,000.

Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.

About Asbury Theological Seminary

Based in Wilmore, Kentucky, Asbury Theological Seminary is a Christian seminary that enrolls about 1,700 students.