A cyber extortion group is claiming responsibility for a massive data theft targeting Novo Nordisk, the Danish pharmaceutical company behind popular diabetes and obesity drugs including Ozempic and Wegovy — and says it tried to squeeze $25 million out of the company after the breach.
The group, known as FulcrumSec, posted a lengthy statement to its website Tuesday saying it spent more than two months quietly moving through Novo Nordisk’s computer networks, making off with what it described as more than a terabyte of sensitive information. According to the group, the stolen data includes company source code, details on both released and unreleased medications, clinical trial records, employee and patient information, data related to company production facilities, and internal artificial intelligence model data.
Novo Nordisk had already disclosed a cybersecurity incident on June 11, acknowledging that unauthorized parties had gained access to a limited number of internal IT systems and certain personal data. The company did not immediately respond to a request for comment regarding FulcrumSec’s specific claims, and Reuters was unable to immediately confirm whether the data the hacking group posted was authentic. FulcrumSec also did not respond to a request for comment.
After Novo Nordisk declined to pay the $25 million demand, FulcrumSec said it is now “exploring private sales” for some of the stolen data tied to certain drugs and other internal company information.
Thomas Willkan, who leads research at cybersecurity company Lab-1 and has closely followed FulcrumSec since the group appeared in October 2025, offered some context on the group’s credibility. He described FulcrumSec as “usually quite legit in terms of both their capabilities and also their claims.”
Despite threatening to sell some data, the group said it would hold back certain categories of information. That includes personal data belonging to thousands of company employees and physicians, as well as records for roughly 11,500 clinical trial patients whose identities had been partially obscured. FulcrumSec also said it would not release data connected to the machinery and software used at Novo Nordisk’s manufacturing facilities, describing that decision as part of a “harm-reduction strategy.”
The cybersecurity blog DataBreaches.net reported on June 15 that FulcrumSec told the site on June 14 that it first broke into Novo Nordisk’s network back in March. The blog also shared what it described as correspondence between FulcrumSec and Novo Nordisk beginning June 1, which included a file list of more than 700,000 items totaling approximately 1.3 terabytes of data.
Separately, the malware research site VX-Underground reported Monday that an unnamed hacker had also compromised Novo Nordisk. FulcrumSec addressed that report directly, stating that its own attack is a separate, unrelated incident.
