The Nova ransomware group claimed that it gained access to the internal network of KPMG’s Netherlands operations and exfiltrated over 500 GB of confidential company data.

The Nova ransomware group has claimed responsibility for a cyber intrusion into the internal systems of KPMG Netherlands, stating that over 500 GB of sensitive company data was exfiltrated.
KPMG provides audit, tax, and advisory services to multinational corporations, governments, and public sector agencies. The firm focuses on risk management, technology, and industry-specific consulting.
On January 23, the Nova ransomware group stated that it had breached the internal network of KPMG’s Dutch operations and listed the company as a victim on the dark web. The group claimed to possess approximately 500 GB of confidential company data.
The #Nova #ransomware group has listed #KPMG 🇬🇧 (@KPMG) as a potential victim of a #cyberattack...#KPMG is a multinational that offers audit, tax and advisory services to companies, governments and institutions...@KPMG_US @KPMGIndia @KPMG_Canada
ℹ️ Monitor… pic.twitter.com/RfvC0gbQGC
— VenariX en Español (@_venarixES_) January 23, 2026
To support its claims, the ransomware group released sample data allegedly stolen from KPMG, including files related to KPMG Indonesia, Indonesia’s Ministry of Finance, the U.S. Department of the Treasury in Philadelphia, and other materials.
The group has issued a February 2 deadline for the company to meet its ransom demands, stating that failure to do so will result in the public release of the stolen files.
Refuting the claims of the Nova ransomware group, in a statement shared with Techzine, a KPMG spokesperson said that the company did not suffer any data security incident.
“We are aware of claims on social media alleging that KPMG data has been accessed. The IT infrastructure and security systems managed by KPMG have not been compromised.
“KPMG takes cybersecurity seriously and we will continue to monitor the situation closely,” the spokesperson added.
The Nova ransomware group is a relatively new threat actor that claimed responsibility for a cyberattack on Clinical Diagnostics Netherlands, one of the country’s largest laboratory networks. The group stole approximately 300 GB of confidential data, including personal information such as names, gender, dates of birth, addresses, and citizen service numbers.
Although the laboratory did not explicitly confirm paying a ransom, the Nova ransomware group confirmed to RTL Nieuws that it received a ransom payment from Clinical Diagnostics. The laboratory also stated there were no indications that the attacker would proceed to leak the stolen data, implying that the ransom payment may have prevented data disclosure.