Ransomware: nova claims URG OEM (KR) — Manufacturing

A new ransomware incident has been publicly claimed by the threat group "nova" against an original equipment manufacturer (OEM) in South Korea, specifically within the manufacturing sector. The claim was published on the ransomware.live data leak site on May 17, 2026, under the BREACH framework. While the exact nature of the data compromised is not yet confirmed, the publication indicates that the attackers have exfiltrated data and are likely threatening to release it unless a ransom is paid. This is a live, unverified claim, but it signals a targeted attack on industrial production systems.

The primary affected organization is the named South Korean OEM, but the incident has broader implications for any EU-based company that relies on this manufacturer for components, sub-assemblies, or finished goods. Manufacturing firms across the EU, particularly those in automotive, electronics, or machinery supply chains, should assess their exposure if they have direct or indirect relationships with this OEM. Additionally, any EU entity that processes personal data of Korean employees or customers linked to this breach may have notification obligations under the GDPR if the incident involves personal data.

Compliance teams should immediately verify whether their organization has any supply chain or data processing links to the affected OEM. If a link exists, teams must assess whether any personal data of EU data subjects was involved and, if so, prepare a potential breach notification to the relevant supervisory authority within 72 hours. They should also review their incident response plans for ransomware scenarios, ensure backups are isolated and tested, and monitor for any further disclosures from the threat group that could indicate data exposure. Finally, update third-party risk assessments to include ransomware-specific clauses for all critical manufacturing suppliers.