Novo Nordisk Investigates Data Breach Following Unauthorized IT System Access
Novo Nordisk, the Danish pharmaceutical company, disclosed on June 11 that it had detected a security incident involving unauthorized access to a limited number of its internal IT systems. The breach was identified earlier this week, prompting the company to launch an investigation with the support of external cybersecurity experts and in coordination with relevant authorities.
As part of its response, Novo Nordisk temporarily took certain internal systems offline to contain the incident and is working to restore them securely. While the investigation remains ongoing, the company confirmed that non-public data including personal information was copied externally without authorization. Affected parties are being notified as appropriate.
Despite the breach, Novo Nordisk stated that its core business operations remain unaffected and continue to function normally. The company has not disclosed further details on the scope of the exposed data or the identity of the threat actors involved.
Source: https://www.globalbankingandfinance.com/novo-nordisk-hit-cyber-incident-probes-data-breach/
Novo Nordisk TPRM report: https://www.rankiteo.com/company/novo-nordisk
"id": "nov1781195765",
"linkid": "novo-nordisk",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Pharmaceuticals',
'location': 'Denmark',
'name': 'Novo Nordisk',
'type': 'Pharmaceutical Company'}],
'customer_advisories': 'Affected parties are being notified as appropriate',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (personal information)',
'type_of_data_compromised': 'Personal information, non-public '
'data'},
'date_publicly_disclosed': '2024-06-11',
'description': 'Novo Nordisk detected a security incident involving '
'unauthorized access to a limited number of its internal IT '
'systems. The breach involved non-public data, including '
'personal information, being copied externally without '
'authorization.',
'impact': {'data_compromised': 'Non-public data including personal '
'information',
'operational_impact': 'Core business operations remain unaffected',
'systems_affected': 'Limited number of internal IT systems'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2024-06-11',
'source': 'Novo Nordisk Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Relevant authorities'},
'response': {'communication_strategy': 'Notifying affected parties as '
'appropriate',
'containment_measures': 'Temporarily took certain internal '
'systems offline',
'incident_response_plan_activated': True,
'recovery_measures': 'Working to restore systems securely',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'Novo Nordisk Data Breach Investigation',
'type': 'Data Breach'}