A hacking group alleges that it has infiltrated Novo Nordisk and is requesting $25 million.

A hacking group alleges that it has infiltrated Novo Nordisk and is requesting $25 million.

      A cyber-extortion group named FulcrumSec announced on Monday that it has stolen approximately 1.3 terabytes of data from Novo Nordisk, the Danish manufacturer of the weight-loss medications Wegovy and Ozempic, demanding $25 million to keep it confidential. Novo Nordisk chose not to pay. According to the group, it is now searching for buyers for the stolen data.

      While figures in a data breach can often be recited easily, the more concerning aspect is the duration of the breach. FulcrumSec asserts it spent over two months inside the company’s systems before being detected, a timeline that should alarm company executives more than the ransom demand itself. Two months is not merely a quick theft.

      The list of data allegedly taken resembles an index of items a pharmaceutical firm would dread losing: source code, proprietary information regarding both released and unreleased drugs, clinical trial documentation, employee, doctor, and patient records, manufacturing details, and information the group stated pertains to the company’s internal AI systems.

      The extensive nature of the breach is critical. This wasn’t just a single exposed database, but according to FulcrumSec, a lengthy exploration of the premises.

      Novo Nordisk has confirmed it identified unauthorized access to certain internal IT systems and is taking action in response to this incident. The company has not verified the amount of data claimed by the group nor the specific types of stolen information, and as of now, most of the details rely on FulcrumSec’s own assertions.

      After Novo Nordisk rejected the ransom, the group indicated it is considering private sales of portions of the data, including information related to specific drugs.

      FulcrumSec is a relatively new entity, emerging in October 2025 and adopting the now-common strategy of double-extortion groups: infiltrate, quietly extract data, and then threaten to publish it rather than simply encrypting it.

      This model is effective because stolen healthcare and research data maintain significant value on underground markets, being useful for fraud, identity theft, and targeted phishing long after the initial breach, a trend TNW has observed across numerous healthcare incidents.

      Declining to pay is the approach most security experts would recommend, as it also precipitates the next stage of the threat. Paying only funds future attacks and does not guarantee that the stolen data will be deleted; refusing payment increases the risk that the data will be leaked or sold.

      The debate over whether to outright ban ransom payments has divided the cybersecurity community for years, and incidents like this underscore the reason why.

      Currently, Novo Nordisk finds itself in a difficult position, having made the defensible choice but still facing repercussions. The ransom demand was refused, and if FulcrumSec’s claims are accurate, the data is now available on the market.

Other articles

According to The Information, OpenAI incurred losses of $3.7 billion in the first quarter. According to The Information, OpenAI incurred losses of $3.7 billion in the first quarter. In the first quarter of 2026, OpenAI incurred expenses of $3.7 billion, which is over half of its $5.7 billion revenue, with both numbers having tripled compared to the previous year, according to The Information. The company currently has $73 billion in cash. Shrek 5 trailer: A 'caked up' Gingerbread Man takes center stage as Donkey and the crew find themselves in jail. Shrek 5 trailer: A 'caked up' Gingerbread Man takes center stage as Donkey and the crew find themselves in jail. The first trailer for Shrek 5 has just been released and it's as wild as always, although not everyone is pleased with the franchise's polished new animation style. Europe is concerned about American AI as the technology sector gathers in France. Europe is concerned about American AI as the technology sector gathers in France. The G7 meeting in Evian and VivaTech in Paris begin this week, with a strong focus on European AI sovereignty, just days after the US restricted access to Anthropic’s leading models. Intel advances 18A-P into risk production to validate its manufacturing capabilities. Intel advances 18A-P into risk production to validate its manufacturing capabilities. Intel announced that the next version of its 18A process has commenced risk production, reporting a 9% increase in performance while pursuing external foundry clients. Europe worries about American AI as the tech industry converges in France. Europe worries about American AI as the tech industry converges in France. The G7 in Evian and VivaTech in Paris commence this week, focusing on European AI sovereignty, just days after the US restricted access to Anthropic's leading models. Everlab secures AU$65 million to shift primary care focus from treatment to prevention. Everlab secures AU$65 million to shift primary care focus from treatment to prevention. Melbourne healthtech company Everlab has successfully secured AU$65 million in an oversubscribed Series A round, led by Airtree. This funding will support its launch in the UK and efforts to expand into preventative care.

A hacking group alleges that it has infiltrated Novo Nordisk and is requesting $25 million.

FulcrumSec claims to have stolen 1.3TB from Novo Nordisk and has demanded $25 million. The manufacturer of Ozempic has acknowledged the breach but has declined to make the payment.