A hacking group has asserted that it infiltrated Novo Nordisk and is requesting a ransom of $25 million.

A hacking group has asserted that it infiltrated Novo Nordisk and is requesting a ransom of $25 million.

      A cyber-extortion group named FulcrumSec announced on Monday that it had acquired approximately 1.3 terabytes of data from Novo Nordisk, the Danish manufacturer of the weight-loss medications Wegovy and Ozempic, and demanded $25 million for its confidentiality. Novo Nordisk opted not to pay. According to the group, it is now seeking buyers for the stolen information.

      While the figures in breaches like this can be easily stated, they are difficult to fully comprehend. One and a third terabytes represent a significant volume of files, but the more significant aspect is the duration. FulcrumSec claims it spent over two months within the company's networks before any action was taken to remove it, which is the part of the narrative that should concern a board more than the ransom demand itself. Two months does not indicate a hasty theft.

      The data that the group claims to have taken resembles an index of the most sensitive information a pharmaceutical company would wish to safeguard: source code, proprietary details on both released and unreleased medications, clinical trial data, records concerning employees, physicians, and patients, specifics about manufacturing facilities, and materials related to the company’s internal AI models as described by FulcrumSec.

      The extensive nature of the data is crucial. According to FulcrumSec, this was not merely a single exposed database but rather a comprehensive exploration within the company.

      Novo Nordisk confirmed it had detected unauthorized access to some of its internal IT systems and stated it was addressing the incident. However, the company has not confirmed the amount of data claimed by the group nor independently verified the specific types of stolen information, leaving much of the available information reliant on FulcrumSec’s statements.

      After Novo Nordisk rejected the ransom demand, the group indicated it was considering private sales of parts of the data, including information related to specific drugs.

      FulcrumSec is a relatively recent entity, emerging in October 2025, and has adhered to the now-common tactics of double-extortion groups: infiltrate, exfiltrate discreetly, then issue threats of publication instead of encrypting the data.

      This approach is effective because stolen healthcare and research data retains long-lasting value in criminal markets, applicable for fraud, identity theft, and targeted phishing long after the initial breach, a trend that TNW has documented across numerous healthcare incidents.

      Refusing to pay is a choice most security experts would recommend, and it typically leads to the next phase. Paying can finance the next attack and does not guarantee that the data will be destroyed, whereas refusal increases the likelihood that the material will be leaked or sold.

      The debate over whether to prohibit ransom payments outright has divided the cybersecurity industry for years, and cases like this one exemplify the complexity of the issue.

      Currently, Novo Nordisk finds itself in the uncomfortable position of having made a defensible decision while still confronting the fallout. The ransom was turned down, and if FulcrumSec is truthful, the data is now available on the market.

Other articles

Shareholders have filed a lawsuit against Microsoft regarding the slowdown in Azure and its expenditures on artificial intelligence. Shareholders have filed a lawsuit against Microsoft regarding the slowdown in Azure and its expenditures on artificial intelligence. A pension fund from Michigan has accused Microsoft of hiding a slowdown in Azure and rising AI expenses prior to a January decline that led to a loss of $357 billion in market value. Intel advances 18A-P into risk production to demonstrate its manufacturing capabilities. Intel advances 18A-P into risk production to demonstrate its manufacturing capabilities. Intel has announced that the next version of its 18A process has begun risk production, asserting a 9% increase in performance as it aims to attract external foundry clients. According to The Information, OpenAI incurred a loss of $3.7 billion in the first quarter. According to The Information, OpenAI incurred a loss of $3.7 billion in the first quarter. In the first quarter of 2026, OpenAI incurred expenses of $3.7 billion, which is more than half of its revenue of $5.7 billion, with both amounts having tripled compared to the previous year, according to The Information. The company currently has $73 billion in cash. Shrek 5 trailer: A 'caked up' Gingerbread Man takes the spotlight as Donkey and friends find themselves behind bars. Shrek 5 trailer: A 'caked up' Gingerbread Man takes the spotlight as Donkey and friends find themselves behind bars. The first trailer for Shrek 5 has just been released, and it's as wild as always, though not everyone is pleased with the franchise's polished new animation approach. Europe worries about American AI as the tech industry converges in France. Europe worries about American AI as the tech industry converges in France. The G7 in Evian and VivaTech in Paris commence this week, focusing on European AI sovereignty, just days after the US restricted access to Anthropic's leading models. Telegram contests India's directive that temporarily restricts the app. Telegram contests India's directive that temporarily restricts the app. Telegram has approached the Delhi High Court regarding a government directive that has blocked the platform until June 22, in connection with alleged cheating on India's NEET-UG medical examination.

A hacking group has asserted that it infiltrated Novo Nordisk and is requesting a ransom of $25 million.

FulcrumSec claims to have extracted 1.3TB of data from Novo Nordisk and is requesting $25 million. The manufacturer of Ozempic acknowledged the breach but declined to make any payment.