FulcrumSec indicates that they are considering divesting portions of the compromised data. The leaked information encompasses confidential details about pharmaceuticals and treatments.
On Tuesday, a notorious hacking collective announced that they had successfully breached pharmaceutical powerhouse Novo Nordisk's systems, making off with over a terabyte of sensitive information in the process. The group now plans to auction off portions of the stolen data, having initially sought $25 million from the Danish company.
Related ↗Prince George set for esteemed education at Eton.A notorious cyber extortion group, FulcrumSec, which originated in October 2025, boasted about infiltrating Novo Nordisk's systems for over two months. During this time, the hackers made off with a vast array of sensitive data, including source code, confidential details on existing and forthcoming medications, clinical trial results, personnel records, medical professional information, patient data, and internal insights into company processing facilities and AI models.
Novo Nordisk confirms it's investigating a serious incident where sensitive information was compromised through unauthorized external access to its systems, resulting in data being leaked online. The company's core services remain operational despite this breach, and they're working closely with law enforcement agencies to address the situation promptly.
Read next ↗Algae infestation prompts emergency response at Reflecting Pool.The legitimacy of the data shared by the hacking collective remains unconfirmed at this time.
Novo Nordisk swiftly reached out to FulcrumSec via an anonymous Proton Mail account on June 3, just two days after the hacking collective's initial contact with company executives. The email address was randomly generated and sent to the same inboxes used by FulcrumSec for their initial outreach efforts. To verify the authenticity of the communication, Novo Nordisk requested specific files that only they would be aware confirming their identity through this process.
FulcrumSec's spokesperson clarified their stance on monetizing stolen data, revealing they'd rather release it publicly to serve as a warning to other organizations about the costs of compliance.
Novo Nordisk revealed a significant cybersecurity breach on June 11, where hackers gained unauthorized entry into select internal IT systems, compromising sensitive employee information.
Following the refusal to pay a hefty sum of $25 million, FulcrumSec began exploring alternative avenues for selling sensitive information about Novo Nordisk's pharmaceuticals and internal operations.
FulcrumSec's reputation as a legitimate hacking collective is supported by Thomas Willkan, head of research at Lab-1, who has extensively monitored the group's activities.
FulcrumSec has chosen to withhold sensitive details from public disclosure, specifically employee and physician information, along with data on approximately 11,500 pseudonymized clinical trial participants.
As part of their "harm-reduction strategy," the hackers plan to deny access to sensitive information about operational technology, including systems that engage with sensors and machinery in Novo Nordisk's manufacturing sites.
The pharmaceutical company Novo Nordisk has gained recognition for its innovative therapies targeting obesity and diabetes management.
A cybersecurity blog, DataBreaches.net, revealed on June 15 that hackers from the notorious collective had infiltrated Novo Nordisk's network as early as March. According to FulcrumSec, who shared correspondence with Novo Nordisk starting June 1, the breach involved over 700,000 files, totaling approximately 1.3 terabytes of data, as detailed in a list provided by the hackers.
A malicious actor was discovered to have breached the security of pharmaceutical giant Novo Nordisk by VX-Underground, a platform tracking malware and cyber threats. FulcrumSec confirmed this incident as an isolated attack.
