KPMG Netherlands Hit by Nova Ransomware Attack
On January 23, 2026, KPMG’s Netherlands division fell victim to a ransomware attack by the Nova group, a rising threat actor in the cybercrime landscape. The breach was detected and publicly indexed by ransomware monitoring platforms on the same day, with attackers claiming to have exfiltrated sensitive client data.
Nova, known for targeting high-profile corporations in financial and professional services, issued a 10-day ultimatum for ransom negotiations. The group operates via Tor-based command-and-control (C2) infrastructure, utilizing uvicorn-based servers and distributed leak sites across multiple onion domains. Security analysts recommend blocking identified Nova-associated infrastructure and monitoring for lateral movement patterns linked to ransomware deployment.
KPMG, a global leader in audit, tax, and advisory services, has not yet publicly confirmed the breach. The firm’s Netherlands operations handle critical financial and compliance data for major enterprises, raising concerns about potential exposure. Stakeholders are advised to await official updates on the incident’s scope and remediation efforts.
Nova’s attack on KPMG underscores the persistent threat ransomware groups pose to professional services firms, particularly those managing sensitive corporate and financial information.
Source: https://cybersecuritynews.com/nova-ransomware-breach-kpmg-netherlands/
KPMG Nederland cybersecurity rating report: https://www.rankiteo.com/company/kpmg-nederland
"id": "KPM1769446677",
"linkid": "kpmg-nederland",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'financial and advisory services',
'location': 'Netherlands',
'name': 'KPMG Netherlands',
'type': 'professional services'}],
'data_breach': {'data_exfiltration': 'yes',
'sensitivity_of_data': 'high',
'type_of_data_compromised': 'sensitive client data, financial '
'and compliance data'},
'date_detected': '2026-01-23',
'date_publicly_disclosed': '2026-01-23',
'description': 'On January 23, 2026, KPMG’s Netherlands division fell victim '
'to a ransomware attack by the Nova group, a rising threat '
'actor in the cybercrime landscape. The breach was detected '
'and publicly indexed by ransomware monitoring platforms on '
'the same day, with attackers claiming to have exfiltrated '
'sensitive client data. Nova issued a 10-day ultimatum for '
'ransom negotiations. KPMG has not yet publicly confirmed the '
'breach, and stakeholders are advised to await official '
'updates on the incident’s scope and remediation efforts.',
'impact': {'data_compromised': 'sensitive client data'},
'investigation_status': 'ongoing',
'motivation': 'financial gain',
'ransomware': {'data_exfiltration': 'yes', 'ransomware_strain': 'Nova'},
'recommendations': 'Security analysts recommend blocking identified '
'Nova-associated infrastructure and monitoring for lateral '
'movement patterns linked to ransomware deployment.',
'references': [{'source': 'ransomware monitoring platforms'}],
'stakeholder_advisories': 'Stakeholders are advised to await official updates '
'on the incident’s scope and remediation efforts.',
'threat_actor': 'Nova group',
'title': 'KPMG Netherlands Hit by Nova Ransomware Attack',
'type': 'ransomware'}