A cyber extortion group asserted on Tuesday that it had stolen over 1TB of data from pharmaceutical behemoth Novo Nordisk A/S and is contemplating selling portions of the data after the company declined to pay a $25 million ransom.
The group, known as FulcrumSec and established in October 2025, published a lengthy statement on its website claiming it had infiltrated Novo Nordisk's networks for more than two months. According to FulcrumSec, the stolen information includes corporate source code, proprietary details on both marketed and experimental drugs, trial data, employee and physician information, patient records, details on company processing facilities, and internal AI models.
A spokesperson for Novo Nordisk stated via email that the company "is aware of allegations regarding unauthorized copying of data from our systems being published online. We take this matter very seriously and continue to operate our primary platforms. We are in contact with relevant authorities."
FulcrumSec indicated in an email that representatives from Novo Nordisk contacted the group on June 3rd, roughly 48 hours after FulcrumSec's initial outreach to an unnamed executive. The company used a random Proton Mail address, sent to the contact point FulcrumSec initially used, and verified its identity by requesting specific files that only the company would possess.
A representative from FulcrumSec further noted that the group prefers not to sell the data, "because open-source data is a more effective deterrent for other companies, making them less likely to refuse ransom payments."
Novo Nordisk had previously disclosed a cybersecurity incident on June 11th, reporting unauthorized access to some of its internal IT systems, which included certain personal data.
FulcrumSec stated that after Novo Nordisk refused the $25 million payment, the group is "exploring a private sale" of some data related to specific drugs and other internal information.
Thomas Willkan, Research Director at cybersecurity firm Lab-1 who has been closely monitoring FulcrumSec, commented that the hacker group "is generally considered quite credible, both in terms of its capabilities and its statements."
FulcrumSec mentioned it will not publicly release some of the stolen data, which includes information on thousands of company employees and doctors, as well as data on approximately 11,500 anonymized clinical trial patients.
As part of its "harm reduction strategy," the group also stated it would retain data related to operational technology and software used to interact with sensors and machinery in Novo Nordisk's production facilities.
Novo Nordisk is renowned for its drugs treating obesity and diabetes, notably Wegovy and Ozempic.
The blog DataBreaches.net, which focuses on cybersecurity, ransomware, and data extortion, reported on June 15th that FulcrumSec informed the blog on June 14th it had gained access to Novo Nordisk's network in March. The group shared what it claims are communications with Novo Nordisk dating from June 1st, including a list of over 700,000 files totaling approximately 1.3TB of data.
Separately, the malware research and repository site VX-Underground reported on Monday that an unidentified hacker had breached Novo Nordisk. FulcrumSec, in its statement, clarified that its attack is unrelated to the incident reported by VX-Underground.
Comments