Novo Nordisk Hit by Major Ransomware Attack: 1.3TB of Sensitive Data Stolen
Pharmaceutical giant Novo Nordisk is grappling with a severe cybersecurity breach after the ransomware group FulcrumSec claimed to have stolen 1.3 terabytes of sensitive data, including clinical trial records, employee information, and proprietary AI models used in drug development. The hackers allege they infiltrated the company’s systems months ago, exfiltrating data tied to experimental treatments for diabetes, obesity, chronic kidney disease, and sickle cell disease.
FulcrumSec has demanded a $25 million ransom, and after Novo Nordisk reportedly refused to pay, the group began leaking samples of the stolen data on its dark web site. Among the compromised files, the attackers claim to have obtained AI models, scientific imaging datasets, and internal research documents potentially exposing years of intellectual property.
The breach allegedly occurred through exposed credentials and access tokens left unsecured in development systems, allowing the hackers to move laterally across internal platforms. While Novo Nordisk has acknowledged an IT security incident, it has not confirmed the full extent of the breach. The company stated it is working with authorities and prioritizing the protection of patient data, with its main operations remaining functional.
This attack underscores a rising trend in cybercrime, where threat actors steal data before encrypting systems, leveraging the threat of public exposure to extort payments. For pharmaceutical firms, the stakes are particularly high, as stolen research and clinical trial data could be exploited by competitors or malicious actors.
Novo Nordisk cybersecurity rating report: https://www.rankiteo.com/company/novo-nordisk
"id": "NOV1781951217",
"linkid": "novo-nordisk",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Pharmaceuticals',
'name': 'Novo Nordisk',
'type': 'Pharmaceutical company'}],
'attack_vector': 'Exposed credentials and access tokens left unsecured in '
'development systems',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Employee information',
'sensitivity_of_data': 'High (intellectual property, patient '
'data, experimental treatments)',
'type_of_data_compromised': ['Clinical trial records',
'Employee information',
'Proprietary AI models',
'Scientific imaging datasets',
'Internal research documents']},
'description': 'Pharmaceutical giant Novo Nordisk is grappling with a severe '
'cybersecurity breach after the ransomware group FulcrumSec '
'claimed to have stolen 1.3 terabytes of sensitive data, '
'including clinical trial records, employee information, and '
'proprietary AI models used in drug development. The hackers '
'allege they infiltrated the company’s systems months ago, '
'exfiltrating data tied to experimental treatments for '
'diabetes, obesity, chronic kidney disease, and sickle cell '
'disease. FulcrumSec has demanded a $25 million ransom, and '
'after Novo Nordisk reportedly refused to pay, the group began '
'leaking samples of the stolen data on its dark web site.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '1.3TB of sensitive data',
'identity_theft_risk': 'Employee information compromised',
'operational_impact': 'Main operations remaining functional'},
'initial_access_broker': {'entry_point': 'Exposed credentials and access '
'tokens in development systems',
'high_value_targets': ['Clinical trial records',
'AI models',
'Proprietary research'],
'reconnaissance_period': 'Months'},
'investigation_status': 'Ongoing',
'motivation': 'Financial extortion, data theft for competitive or malicious '
'exploitation',
'post_incident_analysis': {'root_causes': 'Exposed credentials and access '
'tokens in development systems'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$25 million',
'ransom_paid': 'Reportedly refused to pay'},
'references': [{'source': 'Cyber incident description'}],
'response': {'communication_strategy': 'Acknowledged IT security incident, '
'prioritizing protection of patient '
'data',
'law_enforcement_notified': 'Working with authorities'},
'threat_actor': 'FulcrumSec',
'title': 'Novo Nordisk Hit by Major Ransomware Attack: 1.3TB of Sensitive '
'Data Stolen',
'type': 'Ransomware',
'vulnerability_exploited': 'Exposed credentials and access tokens'}