Key facts
- Cyber extortion group FulcrumSec claims to have stolen over 1 terabyte of data from Novo Nordisk.
- The stolen data reportedly includes company source code, proprietary drug information, trial data, and employee/patient details.
- FulcrumSec demanded $25 million from Novo Nordisk, which the company allegedly refused.
- The group is now considering private sales for parts of the stolen data.
- Novo Nordisk had previously disclosed a cybersecurity incident on June 11 involving unauthorized access to internal IT systems.
A cyber extortion group known as FulcrumSec has claimed responsibility for a significant data breach at pharmaceutical company Novo Nordisk, alleging the theft of over a terabyte of sensitive information. The group stated it spent more than two months within Novo Nordisk's networks, compromising data that includes company source code, proprietary information on released and unreleased drugs, clinical trial data, employee, doctor, and patient information, details related to processing facilities, and internal AI model data.
FulcrumSec reportedly demanded $25 million from Novo Nordisk for the stolen data, but the company refused to pay. Following the refusal, the group announced it is exploring private sales for portions of the data, particularly information related to specific drugs and other internal company data. Novo Nordisk had previously disclosed a cybersecurity incident on June 11, acknowledging unauthorized access to a limited number of internal IT systems that included personal data.
Thomas Willkan, head of research at cybersecurity firm Lab-1, noted that FulcrumSec is generally considered credible regarding its capabilities and claims. The group indicated it would withhold certain data, such as information on thousands of employees and physicians, and approximately 11,500 pseudonymised clinical trial patients, as part of a 'harm-reduction strategy.' They also stated they would withhold data related to operational technology and software used at production facilities.
Reports from DataBreaches.net indicate that FulcrumSec claimed to have gained network access in March and shared correspondence with Novo Nordisk starting June 1, detailing over 700,000 files comprising about 1.3 terabytes of data. Separately, VX-Underground reported on a compromise of Novo Nordisk by an unnamed hacker, though FulcrumSec asserted its attack was distinct.