German insurance major HanseMerkur has been targeted by the Russia-aligned Dragonforce ransomware gang, which claims to have stolen 97GB of data. The attack on the €3 billion firm highlights the escalating threat of ransomware to the global financial services and insurance sectors.
San Francisco-based AI startup Fieldguide has closed a $75 million Series C funding round led by Goldman Sachs Alternatives' growth equity group, achieving a $700 million post-money valuation. The raise brings total venture funding to $125 million as the firm expands its AI enterprise platform.
Ivanti has confirmed actively exploited, pre‑authentication remote code‑execution flaws in its Endpoint Manager Mobile platform, allowing attackers to hijack internet‑facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale
German insurance major HanseMerkur has been targeted by the Russia-aligned Dragonforce ransomware gang, which claims to have stolen 97GB of data. The attack on the €3 billion firm highlights the escalating threat of ransomware to the global financial services and insurance sectors.
Cyber News Centre's cyber update for 4th February 2026: German insurance giant HanseMerkur has reportedly been breached by the Dragonforce ransomware gang, a group with known alignments to Russia.
HanseMerkur, a major German insurance group with a history dating back to 1875 and annual revenues of €3 billion, is the latest major financial institution to be targeted by a significant ransomware attack. The company offers a wide range of insurance products, including health, travel, and property insurance, and has a significant presence in the European market.
Update: The Russia-aligned Dragonforce ransomware gang has claimed responsibility for a significant data breach at the German insurance giant HanseMerkur. The group, which has a history of targeting major Western corporations, posted its claims on a dark web leak site on February 3, 2026. Dragonforce alleges it has exfiltrated 97GB of sensitive internal data from the Hamburg-based insurer. The gang has a track record of high-profile attacks, including against major retailers like the UK's Marks & Spencer and the US department store chain Belk.
The attack on HanseMerkur underscores the persistent and escalating threat that sophisticated ransomware groups pose to the global financial services sector. While HanseMerkur has not yet officially confirmed the full extent of the breach, the public claim by a known threat actor is a serious development that puts the company and its partners on high alert. The incident serves as a stark reminder of the vulnerabilities within the insurance industry, a sector that holds vast amounts of sensitive customer and financial data, making it a prime target for cybercriminals.
Why it Matters: The targeting of a major European insurance provider like HanseMerkur by a Russia-aligned ransomware group has significant implications for the Australian market. Australian insurance and financial services companies, which are deeply integrated into the global financial system, face the same threat actors and attack methodologies. This incident is a clear signal that the insurance sector remains a high-value target for sophisticated ransomware operations. The potential for supply chain attacks, where partners and clients are affected, is also a major concern.
This breach highlights the critical need for robust cybersecurity defenses, proactive threat intelligence, and a comprehensive incident response plan. The success of such attacks, regardless of geography, emboldens threat actors and increases the risk for all organisations within the targeted sector. It is a reminder that in an interconnected world, a cyberattack on a major company in Germany can have ripple effects that are felt across the globe.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Ivanti has confirmed actively exploited, pre‑authentication remote code‑execution flaws in its Endpoint Manager Mobile platform, allowing attackers to hijack internet‑facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale
The CL0P ransomware gang has breached Podiatry WA, a key Australian healthcare association, as part of a massive 22-victim global attack wave. The incident highlights the escalating threat of data extortion targeting professional services and healthcare sectors across Australia.
Microsoft has issued an emergency patch for a high-severity zero-day vulnerability (CVE-2026-21509) in Microsoft Office. The flaw, which bypasses key security features, is being actively exploited in targeted attacks, posing a significant risk to organizations globally, including in Australia.
Nike is investigating a massive data breach after the WorldLeaks ransomware group claimed to have stolen 1.4TB of sensitive data, including Jordan Brand design files, supply chain details, and internal documents. The breach poses a significant threat to Nike's IP operations in Australia.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
