Ransomware: nova claims Nordfjord Hotell (NO) — Hospitality and Tourism

On 19 May 2026, a ransomware incident involving the group "nova" was reported against Nordfjord Hotell in Norway, a hospitality sector entity. The breach was published on the ransomware.live platform under the BREACH framework, indicating that sensitive data may have been exfiltrated and potentially leaked. This event highlights an ongoing threat to the hospitality and tourism sector, which often holds personal and payment data of guests.

Organizations in the hospitality and tourism sector across the EU, particularly hotels and related service providers, are directly affected. This includes any entity that processes customer data, such as booking information, payment card details, or passport numbers. The incident serves as a reminder that smaller or regional operators are increasingly targeted, and compliance teams must assess whether their own systems are similarly vulnerable.

Compliance teams should immediately verify that their incident response plans are current and include ransomware-specific procedures. They should review data backup integrity and ensure offline backups are tested. Additionally, teams should confirm that data breach notification obligations under GDPR are clearly mapped, including timelines for notifying supervisory authorities and affected individuals. Finally, a risk assessment of third-party vendors and payment processing systems should be conducted to identify potential entry points for similar attacks.