FulcrumSec Claims Breach of Novo Nordisk, Steals 1.3 TB of Clinical and IP Data
Hack-and-leak group FulcrumSec claims to have breached Danish pharma giant Novo Nordisk, stealing 1.3 TB of data including clinical trial records and proprietary drug research.
The hack-and-leak group FulcrumSec has claimed responsibility for a significant breach of Danish pharmaceutical giant Novo Nordisk, one of the world's leading insulin and obesity drug manufacturers. The group told DataBreaches that it gained initial access to Novo Nordisk's systems in March 2026 through a compromised GitHub access token, which allowed it to clone internal repositories and discover additional credentials.
According to FulcrumSec, the attackers exfiltrated roughly 1.3 terabytes of data from the company, providing a list of over 700,000 files as proof of the breach. The stolen data reportedly includes pseudonymized clinical trial data, intellectual property such as undisclosed drug programs and proprietary compound structures, the Dicerna RNAi pipeline, and private AI models. The group also shared some of its correspondence with Novo Nordisk, which included stolen credentials as proof of possession.
Novo Nordisk disclosed the incident late last week, warning patients that hackers had accessed its internal IT systems and exfiltrated certain data associated with clinical trials. The company stated that the stolen information was pseudonymized and could not be directly linked to patients by name or identifiers. "Knowledge of patient identity would require access to further information, which was not part of the incident," the company said.
FulcrumSec demanded a $25 million ransom from Novo Nordisk, but the extortion attempt failed, and the hacking group is now threatening to leak the stolen data. At the time of publication, however, Novo Nordisk has not been listed on FulcrumSec's Tor-based leak site. The group's claims have not been independently verified, but the detailed nature of the evidence provided suggests a substantial breach.
The attack highlights the growing threat to pharmaceutical companies, which hold valuable intellectual property and sensitive clinical data. The use of a compromised GitHub access token as an initial vector underscores the importance of securing software development pipelines and managing access tokens carefully. Novo Nordisk has not yet disclosed the full extent of the breach or whether any patient data was actually accessed.
This incident follows a pattern of increasing cyberattacks on healthcare and pharmaceutical organizations, where attackers seek to exploit the high value of medical data and trade secrets. The breach of Novo Nordisk, a company with a market capitalization of over $500 billion, could have significant implications for its drug development programs and competitive position.
As the investigation continues, Novo Nordisk is likely to face regulatory scrutiny and potential legal action from affected patients and partners. The company has not yet announced any specific remediation measures beyond notifying authorities and affected individuals. The cybersecurity community will be watching closely to see if FulcrumSec follows through on its threat to release the stolen data.