Ransomware: nova claims Dosab (SA) — Manufacturing

A new ransomware incident has been publicly claimed by the threat group Nova against the South African manufacturing company Dosab (SA). The claim was published on the ransomware.live data leak site on 20 June 2026, under the BREACH framework. This indicates that the attackers have likely exfiltrated sensitive data and are threatening to release it unless a ransom is paid. The specific nature of the data compromised is not yet confirmed, but manufacturing firms are frequent targets due to their reliance on operational technology and supply chain data.

This incident directly affects Dosab (SA) and its stakeholders, but it also serves as a broader warning for the manufacturing sector across the EU and EEA. Companies in this sector should assess their exposure to ransomware threats, particularly those with South African operations or supply chain links. The breach highlights the ongoing risk of data exfiltration and operational disruption, which may trigger notification obligations under GDPR if EU personal data is involved.

Compliance teams should immediately verify whether any EU personal data is implicated in this breach and prepare a data breach notification to the relevant supervisory authority if necessary. They should also review their own ransomware response plans, ensure offline backups are current, and conduct a targeted risk assessment of third-party vendors in the manufacturing supply chain. Proactive threat intelligence monitoring and employee phishing awareness training should be reinforced to mitigate similar attacks.