Hacking group claims major hack of Novo Nordisk and attem…

A cyber extortion group named FulcrumSec claims to have stolen over one terabyte of data from Novo Nordisk, including proprietary drug information and internal source code. The group had attempted to extort the company for $25 million but has since begun exploring private sales of the stolen data after Novo Nordisk refused to pay. The breach was disclosed by Novo Nordisk on June 11, 2026, involving unauthorized access to internal IT systems and some personal data. FulcrumSec asserts that parts of the data, particularly sensitive employee and clinical trial information, will be withheld as part of harm-reduction strategies. The authenticity of the stolen data has not been independently verified.

Exclusive news, data and analytics for financial market professionalsLearn more aboutRefinitiv

Novo Nordisk annual meeting in Copenhagen

People walk past a sign for Novo Nordisk’s annual general meeting at the entrance to the venue in Copenhagen, Denmark, March 26, 2026. REUTERS/Tom Little/File Photo Purchase Licensing Rights, opens new tab

Summary
Companies
FulcrumSec says it is exploring selling parts of the data
It says data includes proprietary information on drugs
Other data includes source code, AI model information
Novo Nordisk disclosed a cybersecurity incident on June 11

June 16 (Reuters) - A cyber extortion group claimed on Tuesday to have stolen more than a terabyte of data from pharmaceutical giant Novo Nordisk (NOVOb.CO), opens new tab and said it is ‌exploring selling parts of the data after unsuccessfully demanding $25 million from the company.

FulcrumSec, a cyber extortion group that emerged in October 2025, said in a long message posted to its website that it spent more than two months in Novo Nordisk's networks stealing data. It said that data included company source code, proprietary information on released and unreleased drugs, trial data, employee, doctor and patient data, information related to company processing facilities and internal AI model information.

Jumpstart your morning with the latest legal news delivered straight to your inbox from The Daily Docket newsletter. Sign up here.

A Novo Nordisk spokesperson said in an email that the company "is aware of claims that data allegedly copied ⁠externally without authorisation from our systems has been published online. We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities."

Reuters could not immediately verify the authenticity of the data posted by the hacking group.

FulcrumSec told Reuters in an email that Novo Nordisk representatives contacted the group on June 3, roughly 48 hours after the group's initial contact to unnamed company executives. The company used a random Proton Mail email address sent to email addresses that FulcrumSec used in its initial outreach, and confirmed it was the company by requesting specific files for verification only the company would know about.

The FulcrumSec representative also said that the group would prefer not to sell data, "as open sourcing it is a more effective deterrent for future companies to avoid paying."

The Danish company disclosed a cybersecurity incident on June 11 that it said involved unauthorized access to a limited ‌number of ⁠internal IT systems that included access to certain personal data.

FulcrumSec said that after Novo Nordisk refused to pay $25 million, it was "exploring private sales" for some of the data related to certain drugs and other internal data.

Thomas Willkan, head of research at cybersecurity firm Lab-1, who has closely tracked FulcrumSec, said the hacking group is "usually quite legit in terms of both their capabilities and also their claims."

FulcrumSec said it would not share some of the data it stole, including information on thousands of company ⁠employees and physicians, and roughly 11,500 pseudonymised clinical trial patients.

The group said it also would withhold data related to operational technology and software used to interact with sensors and machinery at Novo Nordisk production facilities as part of its "harm-reduction strategy."

Novo Nordisk is known for its treatments for obesity and diabetes, notably Wegovy and Ozempic.

DataBreaches.net, a blog focused ⁠on cybersecurity, ransomware and data extortion, reported on June 15 that FulcrumSec told the blog on June 14 it gained access to Novo Nordisk's network in March, and shared purported correspondence with Novo Nordisk starting June 1 that included a list of more than 700,000 files, making up roughly 1.3 terabytes ⁠of data.

VX-Underground, a malware research and repository site, reported separately on Monday about an unnamed hacker having compromised Novo Nordisk. FulcrumSec said in its message that its attack is separate.

Reporting by AJ Vicens in Detroit; Editing by Will Dunham

Our Standards: The Thomson Reuters Trust Principles., opens new tab

X
Facebook
Linkedin
Email
Link

Purchase Licensing Rights

A.J. Vicens

Thomson Reuters

Cybersecurity correspondent covering cybercrime, nation-state threats, hacks, leaks and intelligence

Hacking group claims major hack of Novo Nordisk and attempted $25 million extortion

Read Next / Editor's Picks