People walk past a sign for Novo Nordisk’s annual general meeting at the entrance to the venue in Copenhagen, Denmark, on Mar 26, 2026. (File photo: Reuters/Tom Little)

Hacking group claims major hack of Novo Nordisk and attempted US$25 million extortion

Cyber extortion group FulcrumSec said that stolen data included company source code, proprietary information on released and unreleased drugs, trial data, employee and doctor and patient data.

· CNA · Join

Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST

A cyber extortion group claimed on Tuesday (Jun 16) to have stolen more than a terabyte of data from pharmaceutical giant Novo Nordisk and said it is exploring selling parts of the data after unsuccessfully demanding US$25 million from the company.

FulcrumSec, a cyber extortion group that emerged in October 2025, said in a long message posted to its website that it spent more than two months in Novo Nordisk's networks stealing data. It said that data included company source code, proprietary information on released and unreleased drugs, trial data, employee, doctor and patient data, information related to company processing facilities and internal AI model information.

Novo Nordisk is known for its treatments for obesity and diabetes, notably Wegovy and Ozempic.

A Novo Nordisk spokesperson said in an email that the company "is aware of claims that data allegedly copied externally without authorisation from our systems has been published online. We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities".

CNA Games

Guess Word
Crack the word, one row at a time

Buzzword
Create words using the given letters

Mini Sudoku
Tiny puzzle, mighty brain teaser

Mini Crossword
Small grid, big challenge

Word Search
Spot as many words as you can
 Show More
Show Less

Reuters could not immediately verify the authenticity of the data posted by the hacking group.

FulcrumSec told Reuters in an email that Novo Nordisk representatives contacted the group on Jun 3, roughly 48 hours after the group's initial contact with unnamed company executives. The company used a random Proton Mail email address sent to email addresses that FulcrumSec used in its initial outreach, and confirmed it was the company by requesting specific files for verification that only the company would know about.

The FulcrumSec representative also said that the group would prefer not to sell data, "as open sourcing it is a more effective deterrent for future companies to avoid paying".

The Danish company disclosed a cybersecurity incident on Jun 11 that it said involved unauthorised access to a limited number of internal IT systems that included access to certain personal data.

FulcrumSec said that after Novo Nordisk refused to pay US$25 million, it was "exploring private sales" for some of the data related to certain drugs and other internal data.

Thomas Willkan, head of research at cybersecurity firm Lab-1, who has closely tracked FulcrumSec, said the hacking group is "usually quite legit in terms of both their capabilities and also their claims".

FulcrumSec said it would not share some of the data it stole, including information on thousands of company employees and physicians, and roughly 11,500 pseudonymised clinical trial patients.

The group said it also would withhold data related to operational technology and software used to interact with sensors and machinery at Novo Nordisk production facilities as part of its "harm-reduction strategy".

DataBreaches.net, a blog focused on cybersecurity, ransomware and data extortion, reported on Jun 15 that FulcrumSec told the blog on Jun 14 it gained access to Novo Nordisk's network in March, and shared purported correspondence with Novo Nordisk starting Jun 1 that included a list of more than 700,000 files, making up roughly 1.3 terabytes of data.

VX-Underground, a malware research and repository site, reported separately on Monday about an unnamed hacker having compromised Novo Nordisk. FulcrumSec said in its message that its attack is separate.

Source: Reuters/rk

Newsletter

Week in Review

Subscribe to our Chief Editor’s Week in Review

Our chief editor shares analysis and picks of the week's biggest news every Saturday.

Sign up for our newsletters

Get our pick of top stories and thought-provoking articles in your inbox

Subscribe here

Get the CNA app

Stay updated with notifications for breaking news and our best stories

Download here

Get WhatsApp alerts

Join our channel for the top reads for the day on your preferred chat app

Join here