Excerpt from Reuters, Published on June 16, 2026
The Novo Nordisk cyberattack has drawn significant attention after cyber extortion group FulcrumSec claimed it stole more than 1.3 terabytes of data from the pharmaceutical company’s networks and later attempted to extort $25 million from the organization. According to Reuters, the group alleges it spent more than two months inside Novo Nordisk’s systems before exfiltrating sensitive information.
FulcrumSec claimed the stolen data includes source code, proprietary information related to released and unreleased drugs, clinical trial data, employee and physician information, internal AI model details, and operational records. Reuters reported that it could not independently verify the authenticity of the data or the full scope of the group’s claims.
Novo Nordisk acknowledged a cybersecurity incident earlier this month and confirmed that unauthorized access affected a limited number of internal IT systems containing certain personal data. The company stated that it is aware of claims that data copied from its systems has been published online and is working with relevant authorities while maintaining normal business operations.
The Novo Nordisk cyberattack has renewed concerns about cybersecurity risks facing pharmaceutical and life sciences organizations. These companies often store valuable intellectual property, clinical research data, patient information, and proprietary drug development assets, making them attractive targets for cybercriminal groups seeking financial gain through extortion or data theft.
The incident has also highlighted the growing threat posed by data extortion campaigns, where attackers focus on stealing sensitive information and threatening public disclosure or private sale rather than disrupting operations through encryption-based ransomware attacks. As investigations continue, the full impact of the Novo Nordisk cyberattack remains under review.
For additional details, visit Reuters.
