Ransomware: nova claims BAUM Games (DE) — Technology

On May 17, 2026, a ransomware group known as Nova claimed responsibility for an attack on BAUM Games, a German video game developer. The claim was published on the ransomware group’s leak site, indicating that sensitive data may have been exfiltrated and could be released if a ransom is not paid. This incident falls under the BREACH framework, which typically involves unauthorized access and data disclosure, triggering notification obligations under EU data protection law.

The primary affected organization is BAUM Games, but the broader gaming and entertainment sector in Germany and across the EU should take note. Any company handling personal data or intellectual property in digital entertainment, especially those with supply chain or platform dependencies, may face similar threats. Regulators will likely scrutinize whether adequate technical and organizational measures were in place to prevent the breach.

Compliance teams should immediately verify whether their organization has any exposure to BAUM Games as a vendor or partner. They should also review their incident response plans to ensure they can meet the 72-hour notification deadline under GDPR if a similar attack occurs. Proactive steps include reinforcing multi-factor authentication, segmenting networks, and conducting tabletop exercises focused on ransomware scenarios. Finally, monitor the ransomware.live site for any leaked data that could indicate a broader campaign.