Ransomware: thegentlemen claims National Museum (DK) — Public Sector

A new ransomware incident has been publicly reported involving a threat actor known as thegentlemen, who claims to have compromised the National Museum of Denmark. The breach was published on the ransomware.live data leak site on June 15, 2026, under the BREACH framework. This is not a regulatory change per se, but a confirmed security event that triggers mandatory notification obligations under EU data protection and NIS2 rules.

The primary affected organization is the National Museum of Denmark, a public sector entity. However, this incident serves as a warning for all public sector and cultural heritage institutions across the EU. Any organization holding sensitive personal data or critical infrastructure assets should consider this a live threat indicator, as ransomware groups increasingly target public institutions with high-value collections and limited cybersecurity budgets.

Compliance teams should immediately verify their incident response plans are current and test notification procedures for supervisory authorities under GDPR and NIS2. Confirm that backups are isolated and offline, and review third-party access controls. If your organization is in the public sector or cultural heritage domain, conduct a targeted risk assessment for ransomware and ensure cyber insurance policies are updated. Finally, monitor the ransomware.live site for any further disclosures that may affect your sector.