Novo Nordisk, the pharmaceutical company behind Ozempic and Wegovy, is facing significant breach allegations after threat actor group FulcrumSec claimed responsibility for a cyber intrusion that allegedly resulted in the theft of approximately 1.3TB of company data.
The claims surfaced days after Novo Nordisk publicly disclosed a cybersecurity incident involving unauthorized access to internal systems. While the company confirmed the incident and said it was investigating the matter, it has not publicly verified FulcrumSec’s allegations regarding the scale of the breach, the categories of data involved, or the group’s claimed extortion demands.
According to FulcrumSec, the threat actor spent more than two months inside Novo Nordisk environments before exfiltrating source code repositories, employee records, clinical research information, proprietary AI assets, internal documentation, and pharmaceutical research data. The group further alleges it demanded $25 million from the company in exchange for not releasing the information.
FulcrumSec is an increasingly active threat actor that has recently been linked to several high-profile breach claims. BreachNews previously profiled the group in its threat actor profile of FulcrumSec.
Threat actor alleges extensive access across cloud environments
In a detailed leak site posting, FulcrumSec claimed it obtained access to thousands of source code repositories spanning multiple cloud and development platforms. The threat actor alleges the breach affected environments hosted across Azure DevOps, GitHub, AWS, Okta, Databricks, and other internal systems.
The group claims it initially gained access through credentials allegedly exposed in publicly accessible application resources before moving laterally throughout Novo Nordisk’s infrastructure.
FulcrumSec further alleges it obtained employee information, pseudonymized clinical trial data, internal AI development projects, proprietary drug research assets, and internal business records. The threat actor has also published what it claims are sample files intended to demonstrate access to Novo Nordisk systems.
At the time of publication, these claims remain unverified beyond the threat actor’s own statements.
Alleged extortion demand follows confirmed incident disclosure
According to FulcrumSec, representatives of Novo Nordisk engaged with the group following the alleged breach and participated in a verification process regarding the purportedly stolen data.
The threat actor claims discussions continued for several weeks before Novo Nordisk ultimately declined to meet its demands. FulcrumSec alleges its original request was for $25 million and says portions of the allegedly stolen data have since been released.
As with all threat actor claims, details regarding negotiations, timelines, and the scope of any stolen data should be treated cautiously until independently verified.
Latest claim follows previous FulcrumSec activity
The Novo Nordisk allegations are the latest in a series of breach claims attributed to FulcrumSec. Earlier this month, the group claimed responsibility for a large-scale compromise affecting Global Schools Group, alleging exposure of student and institutional records across multiple countries.
BreachNews previously reported on that incident in FulcrumSec’s Global Schools Group breach claim.
The group’s recent activity has primarily focused on data theft and extortion operations rather than ransomware deployment, with leaked datasets and alleged access to corporate cloud environments frequently featured in its public disclosures.
Intellectual property concerns could overshadow personal data risks
If FulcrumSec’s claims prove accurate, the incident could represent a significant intellectual property exposure for Novo Nordisk in addition to any potential privacy implications.
The threat actor alleges access to pharmaceutical research assets, development projects, source code repositories, machine learning systems, and clinical research information. Such data could carry substantial commercial value given Novo Nordisk’s position as one of the world’s largest pharmaceutical companies and its dominance in the rapidly growing obesity and diabetes treatment markets.
Several of FulcrumSec’s claims involve proprietary research and development information that would be difficult to independently verify without confirmation from Novo Nordisk or regulatory disclosures.
Novo Nordisk investigation remains ongoing
Novo Nordisk previously acknowledged a cybersecurity incident involving unauthorized access to internal systems and stated that it had implemented containment measures while investigating the matter.
The company has not publicly confirmed FulcrumSec’s allegations regarding the claimed 1.3TB of stolen data, the categories of information allegedly accessed, or the purported $25 million extortion demand.
Novo Nordisk had not issued any public statement at time of publication addressing FulcrumSec’s latest claims.
The incident remains under investigation.
