Cyber Incident Victim: Université de Rennes

On Saturday 8 March 2025, the Université de Rennes, which enrolls approximately 32 000 students, was notified of a cyberattack that had begun earlier that day. The university’s IT services confirmed that the intrusion was confined to a pedagogical subnetwork and that the broader institutional network remained operational. Upon receiving the alert, the IT department implemented immediate containment measures and commenced a preliminary diagnostic of the affected systems. The university stated that it had taken very rapid actions to limit the spread of the incident and to assess the scope of the compromise. The institution also indicated that it was cooperating with external cybersecurity experts to investigate the incident. No disruption to core services or to the overall availability of the university’s IT infrastructure was reported at that time.

According to the ethical hacker SaxX, the ransomware group Funksec claimed to have exfiltrated approximately 50 gigabytes of data from the compromised subnetwork, describing the material as comprising PDFs, CSV files, databases, Gmail addresses, telephone numbers, invoices, passwords, SSH keys for various servers, student records and photographs. The university has not yet confirmed the authenticity or the volume of the alleged data theft. Funksec further asserted that it would publish the stolen information unless its demands were met, setting a deadline of nine days after the initial notification, which corresponds to Wednesday 19 March 2025. SaxX noted that Funksec emerged at the end of 2024, consists of four members, employs double‑extortion tactics and has previously targeted several governmental entities.