Novo Nordisk has disclosed an IT security incident involving unauthorized access to a limited number of internal systems, and a cyber extortion group has since claimed responsibility, saying it walked away with more than a terabyte of sensitive data after the Danish pharmaceutical company refused to pay a $25 million ransom.
According to SecurityWeek, FulcrumSec traced its initial foothold to a GitHub access token discovered in March — one that opened the door to cloning internal repositories and extracting further login credentials. By FulcrumSec’s account, the intrusion lasted over two months, with the group ultimately walking out with a haul it described as roughly 1.3 terabytes spread across more than 700,000 individual files.
Among the categories of data FulcrumSec says it obtained are source code, proprietary drug information covering both marketed and pipeline compounds, clinical trial records, data on employees, doctors, and patients, details tied to manufacturing operations, and internal AI model files. Novo Nordisk confirmed that certain non-public data, including personal data, had been copied without authorization, the company said.
In a statement to Reuters, a Novo Nordisk spokesperson said the company “is aware of claims that data allegedly copied externally without authorisation from our systems has been published online,” and noted that authorities have been notified and core platforms have not been disrupted.
Two days after FulcrumSec first reached out to unnamed Novo Nordisk executives, someone from the company made contact with the group on June 3, FulcrumSec said. With the ransom demand rejected, FulcrumSec indicated it has begun looking at private buyers for select portions of the trove, though the group expressed a preference for public release, telling Reuters that doing so is “a more effective deterrent for future companies to avoid paying.”
Certain stolen material will be kept off public channels, FulcrumSec said, pointing to personnel and physician records, data linked to around 11,500 pseudonymized patients enrolled in clinical trials, and operational technology files from Novo Nordisk’s manufacturing sites — a policy the group described as part of its harm-reduction framework.
A researcher who has closely monitored FulcrumSec’s activity, Thomas Willkan of cybersecurity firm Lab-1, offered Reuters an assessment of the group’s credibility, calling it “usually quite legit in terms of both their capabilities and also their claims.”
The breach carries added sensitivity given Novo Nordisk’s recent AI investments. The company announced a partnership with OpenAI to apply artificial intelligence across drug discovery, manufacturing, and commercial operations, with company-wide integration planned for completion by late 2026. FulcrumSec claims the stolen data includes private AI models from Novo Nordisk’s internal systems.
The group first appeared on the threat landscape in October 2025. Novo Nordisk makes the blockbuster weight-loss and diabetes drugs Wegovy and Ozempic.
Click Here For The Original Source.
