The Dutch branch of KPMG has allegedly been attacked by Nova, a ransomware-as-a-service operation, according to reports.
The attack appeared on a so-called leak site with specific reference to the Netherlands branch of the global consultancy, Dutch enterprise tech title Techzine confirms.
Little is known about the attack's nature, extent, or the specific data allegedly stolen, and it remains unclear whether the claim is true.
Nova, which stole medical data from hundreds of thousands of participants in health screenings last year, has threatened to publish the data in 10 days if KPMG does not pay.
Nova is a relatively new operation and, like many others, operates a ransomware and data extortion model. It encrypts systems, steals data, and threatens to leak it.
In the case of Clinical Diagnostics, which the health firm the gang hit last August, it appeared that the company did not meet the full demands of the threat actor, who then reportedly advertised for a leak partner willing to buy the complete data set for €1.1 million.
Dr. Kolochenko, CEO at ImmuniWeb and British Computer Society Fellow, said the incident was a reminder that even “big four” companies are not fully immune to cybersecurity attacks.
“In 2026, we will probably see a growing number of major data breaches of large companies, including leading cybersecurity vendors,” he said.
“A non-negligible part of these intrusions may have a direct connection with the corporate rush to implement AI in a fading hope to impress investors, scare competitors, or save costs.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked