FulcrumSec claims Novo Nordisk data theft, demands $25 million

A cyber extortion claim against Novo Nordisk is now testing more than one company’s defenses. If FulcrumSec’s assertions are accurate, the breach could reach into patient data, clinical-trial records and drug development at the maker of Ozempic and Wegovy, with potential spillover for production systems that underpin supply across global markets.

FulcrumSec said it had spent more than two months inside Novo Nordisk’s networks and tried to extort $25 million from the Danish drugmaker, according to the group’s account. The hackers claimed they had taken more than 700,000 files totaling about 1.3 terabytes and were considering private sales of some of the material after the company did not pay. They also said Novo Nordisk representatives contacted them on June 3, about 48 hours after their first outreach, using a random Proton Mail address and asking for verification files only the company would know.

The material the group says it stole would be especially sensitive if confirmed. The alleged haul included company source code, proprietary information on released and unreleased drugs, trial data, employee, doctor and patient information, details on production facilities, and internal AI model data. Novo Nordisk said it was aware of claims that data allegedly copied without authorization had been published online and was taking the matter seriously. It also said it remained in contact with relevant authorities.

Novo Nordisk disclosed a cybersecurity incident on June 11 involving unauthorized access to a limited number of internal IT systems and certain personal data. In that update, the company said affected clinical-trial information was pseudonymized and not directly linked to patients by name or other direct identifiers. It said the affected patient-related data included patient ID, trial participation, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors such as smoking, alcohol use and BMI.

The company said its core business operations were not impacted and remained up and running, even as some internal IT systems were taken offline and brought back in a controlled and safe manner. That distinction matters for a manufacturer of high-profile medicines: any compromise touching drug data or production systems can raise questions not only about privacy, but also about manufacturing continuity, regulatory scrutiny and competitive risk.

Thomas Willkan of Lab-1 said FulcrumSec is usually quite legitimate in terms of capability and claims, adding weight to the threat even as the authenticity of the files could not be immediately verified. FulcrumSec is reported to have emerged in October 2025, and one account said the group claimed it would not share some of the stolen material, including data on thousands of employees and physicians and about 11,500 pseudonymized clinical-trial patients.

The stakes for Novo Nordisk are amplified by scale. Its 2024 annual report said it was investing more than DKK 80 billion in new active pharmaceutical ingredient facilities, a reminder that any intrusion into R&D or manufacturing systems can carry industrial consequences as well as security ones. The company’s 2025 annual-report materials say it employs about 68,800 people in 80 countries and markets its products in around 170 countries, making any confirmed theft a global issue, not a local one.