Hacking group claims major hack of Novo Nordisk, seeks $25M ransom

Hacking group claims major hack of Novo Nordisk, seeks $25M ransom

Cyber extortion group FulcrumSec says it spent two months inside the pharma giant's networks and walked away with over a terabyte of sensitive data

Share

Add us on Google
by Editorial Team

One of the world’s largest pharmaceutical companies just got a very expensive wake-up call. A cyber extortion group calling itself FulcrumSec claims to have breached Novo Nordisk’s internal systems, stolen over one terabyte of data, and issued a $25 million ransom demand that the Danish drugmaker has so far refused to pay.

What happened inside Novo Nordisk’s networks

FulcrumSec publicly claimed responsibility for the breach on June 16, 2026, alleging it had maintained persistent access to Novo Nordisk’s internal networks for more than two months before being detected or expelled.

Novo Nordisk itself acknowledged the incident slightly earlier, publicly disclosing the breach around June 11-12. The company confirmed that attackers gained unauthorized access to several internal IT systems and managed to copy data externally.

The stolen information reportedly includes de-identified patient data from clinical trials, including years of birth, biomarkers, and lifestyle factors. The haul also allegedly includes confidential information related to specific drugs and internal company documents.

Advertisement

One critical detail worth noting: no ransomware was actually deployed during the attack. This was not a lock-your-files-and-demand-Bitcoin scenario. It was pure data theft followed by extortion threats.

Who is FulcrumSec, and why are there two ransom demands?

FulcrumSec is a relatively new entrant in the cyber extortion landscape, having first emerged in October 2025.

At least one other, independent threat actor has also demanded money from Novo Nordisk in connection with the same breach, this time asking for $50 million. Both demands remain unpaid as of now.

After Novo Nordisk declined to pay, FulcrumSec indicated it may begin selling segments of the stolen data privately.

Novo Nordisk has said it is collaborating with external cybersecurity experts and law enforcement to investigate the breach.

What this means for investors and the broader market

For Novo Nordisk shareholders, the immediate financial impact of the breach itself is likely manageable. The company’s refusal to pay either the $25 million or $50 million demands means no direct ransom costs.

Pharmaceutical companies operating in the EU are subject to GDPR, which can impose fines of up to 4% of global annual revenue for data protection failures. Even if the stolen clinical trial data was technically de-identified, regulators may question whether the company’s security measures met the required standard.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
TECHNOLOGY

Hacking group claims major hack of Novo Nordisk, seeks $25M ransom

Hacking group claims major hack of Novo Nordisk, seeks $25M ransom

Cyber extortion group FulcrumSec says it spent two months inside the pharma giant's networks and walked away with over a terabyte of sensitive data

by Editorial Team

Share

Add us on Google

One of the world’s largest pharmaceutical companies just got a very expensive wake-up call. A cyber extortion group calling itself FulcrumSec claims to have breached Novo Nordisk’s internal systems, stolen over one terabyte of data, and issued a $25 million ransom demand that the Danish drugmaker has so far refused to pay.

What happened inside Novo Nordisk’s networks

FulcrumSec publicly claimed responsibility for the breach on June 16, 2026, alleging it had maintained persistent access to Novo Nordisk’s internal networks for more than two months before being detected or expelled.

Novo Nordisk itself acknowledged the incident slightly earlier, publicly disclosing the breach around June 11-12. The company confirmed that attackers gained unauthorized access to several internal IT systems and managed to copy data externally.

The stolen information reportedly includes de-identified patient data from clinical trials, including years of birth, biomarkers, and lifestyle factors. The haul also allegedly includes confidential information related to specific drugs and internal company documents.

Advertisement

One critical detail worth noting: no ransomware was actually deployed during the attack. This was not a lock-your-files-and-demand-Bitcoin scenario. It was pure data theft followed by extortion threats.

Who is FulcrumSec, and why are there two ransom demands?

FulcrumSec is a relatively new entrant in the cyber extortion landscape, having first emerged in October 2025.

At least one other, independent threat actor has also demanded money from Novo Nordisk in connection with the same breach, this time asking for $50 million. Both demands remain unpaid as of now.

After Novo Nordisk declined to pay, FulcrumSec indicated it may begin selling segments of the stolen data privately.

Novo Nordisk has said it is collaborating with external cybersecurity experts and law enforcement to investigate the breach.

What this means for investors and the broader market

For Novo Nordisk shareholders, the immediate financial impact of the breach itself is likely manageable. The company’s refusal to pay either the $25 million or $50 million demands means no direct ransom costs.

Pharmaceutical companies operating in the EU are subject to GDPR, which can impose fines of up to 4% of global annual revenue for data protection failures. Even if the stolen clinical trial data was technically de-identified, regulators may question whether the company’s security measures met the required standard.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.