Hackers Claim 1TB Data Theft from Wegovy and Ozempic Maker Novo Nordisk, Demand $25 Million
Published
Key Takeaways
- Massive Theft Claimed: FulcrumSec says it stole more than a terabyte of data from Novo Nordisk, the Wegovy and Ozempic maker.
- Ransom Refused: The group demanded $25 million, which Novo Nordisk says it declined to pay.
- Two Attacks: The company was reportedly hit by two separate threat actors this year.
A cyber extortion group called FulcrumSec claims to have stolen more than 1 terabyte of data from pharmaceutical giant Novo Nordisk, known for obesity and diabetes treatments Wegovy and Ozempic. The gang demanded $25 million, a sum the company refused to pay.
The group, which emerged in October 2025, said it spent more than two months inside the company's networks.
What FulcrumSec Claims to Have Stolen
A spokesperson said the company is aware of claims that data allegedly copied externally without authorisation has been published online, but the authenticity of the data breach could not immediately be verified, according to Reuters. The group said the haul includes:
- company source code,
- proprietary information on released and unreleased drugs,
- trial data,
- employee, doctor and patient data,
- information on company processing facilities,
- internal AI model information.
FulcrumSec said it is now exploring private sales for some data after the refusal. The group stated it would not share data on thousands of employees and physicians and roughly 11,500 pseudonymized clinical trial patients. It would also withhold data on operational technology at Novo Nordisk production facilities.
Novo Nordisk disclosed a cybersecurity incident on June 11, saying it involved unauthorized access to a limited number of internal IT systems that included access to certain personal data, including:
- Patient ID (random alphanumeric string) and information on trial participation
- Sex
- Year of birth
- Biomarkers
- Health/immunogenicity data
- lifestyle factors, e.g., smoking, alcohol use, BMI
Two Compromise Reports
FulcrumSec told the DataBreaches.net blog on June 15 it gained access in March and shared purported correspondence listing more than 700,000 files, roughly 1.3 terabytes.
On June 16, a new report talked about a second threat actor identified as TheUSERS007. VX-Underground reported separately about an unnamed hacker compromising Novo Nordisk.
The spokesperson said the company takes the matter seriously, maintains continued operations of its main platforms, and is in contact with relevant authorities.
In other recent news, a hacker claimed a Nintendo data breach, allegedly stealing approximately 860 MB via TINYpulse systems.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular