Back to Blog
high severity July 18, 2026 · scope unconfirmed

FMZ Tecnologia em Sistemas Listed by nova Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

FMZ Tecnologia em Sistemas is a Brazilian software company that develops solutions for the book industry. Its main product, HORUS, is an ERP system designed for publishers, bookstores, and distributors. The system helps manage inventory, sales, royalties, and consignment operations. The company has over 15 years of experience and is based in São Paulo, Brazil.

FMZ Tecnologia em Sistemas Listed by nova Ransomware Group
Severity High
Disclosed July 18, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

FMZ Tecnologia em Sistemas, a Brazilian software developer serving the publishing industry, appeared on the nova ransomware group's leak site on July 18, 2026. The listing indicates that the company suffered a ransomware attack in which internal files were exfiltrated. Anyone whose data passed through FMZ's HORUS ERP system — publishers, bookstores, distributors, authors, or customers — may now face heightened exposure.

Confirmed Details from the Listing

The nova leak site states that FMZ Tecnologia em Sistemas was hit in a ransomware incident and that attackers successfully exfiltrated internal files. The disclosure does not specify the volume of data taken, the exact types of records involved, or any ransom demand. It simply lists the company alongside a sample of allegedly stolen material and a deadline for payment. Public reporting on nova indicates the group follows a double-extortion model: encrypt systems and threaten to publish sensitive data if the victim does not pay.

FMZ's HORUS ERP manages inventory, sales, royalties, and consignment operations for book-industry clients across Brazil. The leak-site entry therefore raises the possibility that publisher financials, author payment records, customer contracts, or distributor agreements were among the files removed.

Why This Matters for You and Your Family

If you have purchased books from stores or publishers using HORUS, or if you are an author whose royalty statements flow through the system, your personal or financial details could sit inside the stolen files. Even when exact record counts remain unknown, the exposure of internal business documents frequently includes names, addresses, tax identifiers, banking information, and contract details. Once such data leaves a company's control, it circulates among criminals who sell or weaponize it for identity theft, fraud, or targeted phishing.

Brazilian residents are especially affected. Local companies often store national ID numbers, CPF data, and banking coordinates that carry high value on underground markets. Families relying on publishing-related income — writers, freelancers, small bookstore owners — now sit one step closer to account takeovers or loan fraud traced back to this breach.

Doxxing and Identity-Chain Risks

Stolen internal files rarely contain only one category of information. A single spreadsheet can link an author's real name to a pseudonym, email address, phone number, and bank account. Attackers then cross-reference these details with other breaches, building an identity chain that leads to doxxing, SIM-swapping, or harassment. Credential leaks from this incident can also cascade into gaming accounts belonging to you or your children, especially when the same password or email appears across work, personal, and entertainment services.

The longer the data remains publicly listed on the nova site, the greater the chance that multiple criminal groups will obtain copies and begin testing the information in fraud campaigns. What begins as a corporate ransomware incident can quickly become a sustained personal privacy problem.

Nova Ransomware Group's Track Record

Public reporting attributes nova as a relatively new ransomware operation that emerged in late 2025. The group has targeted mid-sized companies across Latin America and Europe, focusing on sectors with valuable operational data such as manufacturing, logistics, and specialized software providers. Typical nova playbook involves initial access through phishing or exploited remote desktop services, followed by rapid exfiltration of documents before encryption. The group then posts victim names on its dark-web leak site and, in many cases, begins selectively leaking samples to pressure payment. Observers note that nova maintains a high volume of listings but has not yet reached the scale of older gangs; its extortion style remains aggressive and deadline-driven.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to reduce your footprint.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure surfaces in hours rather than months.
  • Rotate any password you used with FMZ, HORUS, or related publishing services and secure those accounts with an authenticator app for 2FA.
  • Cover the household with DoxxScan family protection that extends to dependents and children's gaming accounts vulnerable to credential chaining from this breach.
  • Let remediation specialists handle data-broker takedown requests and follow-up monitoring on your behalf.

The incident underscores a persistent reality: even specialized software firms serving narrow industries can become gateways to personal data exposure. Acting quickly on credential hygiene and identity mapping limits how far criminals can travel down the chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children's gaming accounts at risk from cascading leaks like this one.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.