Nova Ransomware Claims Breach of KPMG Netherlands
In a significant cybersecurity incident, KPMG Netherlands has reportedly fallen victim to the Nova ransomware group. The breach was identified on January 23, 2026, with the attack date aligning with this discovery. The perpetrators assert they have exfiltrated sensitive data and have issued a 10-day ultimatum for KPMG to initiate contact and negotiate a ransom.
Incident Overview
KPMG stands as one of the world’s leading professional services firms, offering comprehensive audit, tax, and advisory services to major global organizations. Its Netherlands division manages sensitive client data across various sectors, including financial services, compliance, and enterprise operations. This targeting is consistent with Nova’s established pattern of pursuing high-profile corporations in the professional services and financial sectors.
About Nova Ransomware
Nova has emerged as a significant threat actor in the ransomware landscape. According to threat intelligence data, the group operates multiple command-and-control (C2) infrastructure elements on the Tor network. Analysis of publicly available indicators reveals that Nova maintains a distributed leak infrastructure across multiple onion domains. The group utilizes uvicorn-based servers, indicating a standardized backend deployment.
Recommendations for Network Defenders
Network defenders are advised to block identified onion infrastructure and monitor for lateral movement patterns consistent with ransomware deployment. Immediate incident response protocols should be activated if any Nova-related artifacts are detected in network logs.
KPMG’s Response
As of now, KPMG has not issued a public confirmation of the breach. Clients and stakeholders are advised to monitor official communications for detailed impact assessments and remediation timelines.
