Industry - Data Breach

moderate | Anti-Privacy | Data Breach

Executive Summary

Pharmaceutical company Novo Nordisk refused to pay a $25 million ransom demand from hacking group FulcrumSec, which claims to have stolen over a terabyte of data including employee information, clinical trial patient data, and proprietary drug information after spending two months inside the company's networks. The group is now exploring private sales of some stolen data while withholding employee, physician, and patient information as part of what it calls a harm-reduction strategy. Novo Nor...

What Happened

Pharmaceutical company Novo Nordisk disclosed a cybersecurity incident on June 11, 2026, involving unauthorized access to a limited number of internal IT systems. The hacking group FulcrumSec claims it spent over two months inside Novo Nordisk's networks starting in March 2026 and stole approximately 1.3 terabytes of data, including company source code, proprietary drug information, clinical trial data, and employee information. After Novo Nordisk refused to pay a $25 million ransom demand, FulcrumSec announced it would explore private sales of some stolen data while withholding employee, physician, and patient information as part of what it describes as a harm-reduction strategy.

Who Is Affected

The breach potentially affects thousands of Novo Nordisk employees and physicians whose information was accessed, as well as roughly 11,500 pseudonymised clinical trial patients. The stolen data also includes operational technology information related to Novo Nordisk's production facilities and proprietary information about both released and unreleased drugs. While FulcrumSec claims it will withhold certain sensitive employee, physician, and patient data, the company's refusal to pay means some stolen information may be sold to private buyers.

Why It Matters

This incident highlights how vulnerable pharmaceutical companies, which hold highly sensitive medical research data and patient information, are to extended network intrusions. The two-month dwell time demonstrates how attackers can maintain prolonged access to extract massive amounts of proprietary data, including clinical trial information and unreleased drug details. The situation also illustrates the complex ethical landscape of ransomware negotiations, where refusing payment may lead to selective data sales even as threat actors claim harm-reduction principles.

What You Should Do

If you are a Novo Nordisk employee, physician partner, or clinical trial participant, monitor your accounts closely for unusual activity and consider placing fraud alerts on your credit reports. Contact Novo Nordisk directly to understand what specific information may have been compromised and what protections or monitoring services the company is offering. Be alert for targeted phishing attempts that may use stolen information to appear legitimate, and do not respond to unsolicited communications claiming to be from Novo Nordisk without independently verifying their authenticity through official company channels.

Summary generated from verified sources and reviewed before publication.

Pharmaceutical company Novo Nordisk refused to pay a $25 million ransom demand... - Industry | PrivacyWire