Forgot your password?
typodupeerror
Privacy Security

Hacking Group Claims Major Hack of Novo Nordisk, Attempted $25 Million Extortion (reuters.com) 15

Reuters reports a cyber extortion group has claimed responsibility for breaching Novo Nordisk's network, stealing roughly 1.3 terabytes of data, including source code, drug research, clinical-trial records, employee and physician information, production-system details, and internal AI model data. The group says it's exploring selling parts of the data after unsuccessfully demanding $25 million from the company. From the report: FulcrumSec, a cyber extortion group that emerged in October 2025, said in a long message posted to its website that it spent more than two months in Novo Nordisk's networks stealing data. It said that data included company source code, proprietary information on released and unreleased drugs, trial data, employee, doctor and patient data, information related to company processing facilities and internal AI model information.

[...] FulcrumSec told Reuters in an email that Novo Nordisk representatives contacted the group on June 3, roughly 48 hours after the group's initial contact to unnamed company executives. The company used a random Proton Mail email address sent to email addresses that FulcrumSec used in its initial outreach, and confirmed it was the company by requesting specific files for verification only the company would know about.

The FulcrumSec representative also said that the group would prefer not to sell data, "as open sourcing it is a more effective deterrent for future companies to avoid paying." [...] FulcrumSec said it would not share some of the data it stole, including information on thousands of company employees and physicians, and roughly 11,500 pseudonymized clinical trial patients. The group said it also would withhold data related to operational technology and software used to interact with sensors and machinery at Novo Nordisk production facilities as part of its "harm-reduction strategy."
A Novo Nordisk spokesperson said in an email that the company "is aware of claims that data allegedly copied externally without authorization from our systems has been published online. We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities."

Hacking Group Claims Major Hack of Novo Nordisk, Attempted $25 Million Extortion

Comments Filter:
  • The U.S. Department of Justice can now set up a cutout and try to buy that data as part of a criminal investigation and sting operation.

    Here's hoping they do, and that they nail these bastards, as an example to the rest of them.

    • The company is Danish.
      • They're the makers of Ozempic so an attack on them is an attack on Americans, obviously!
        • by Anonymous Coward

          Stop eating Danishes and fatty won't need Ozempic; just sayin'.

          • Fun fact: The things you call "Danish" (or as you phrase it: "Danishes")...... Aren't really Danish.

            In Denmark we call it WienerbrÃd - which translates to "Bread from Vienna" - basically it is a historical artifact, caused by industrial disputes, imported labour, local adaptions and the randomness of how people name things.

    • Re: (Score:3, Insightful)

      by drinkypoo ( 153816 )

      The U.S. Department of Justice can now set up a cutout and try to buy that data as part of a criminal investigation and sting operation.

      Instead they will buy that data as part of an investigation in to who's getting abortions. You forgot who's running this country, they're not interested in catching criminals. That's difficult and expensive compared to declaring victory.

  • With the number of available and vulnerable IoT devices and the number of motivated hacker groups supercharged with LLMs, shouldn't a lot of company and government secrets get revealed these days? Perhaps news organisations have a bottleneck being underfunded to go through leaked material?

  • by CEC-P ( 10248912 ) on Wednesday June 17, 2026 @01:32PM (#66197222)
    I cannot name one single American large medical provider or pharma company that doesn't outsource its IT engineering and maintenance to clueless Indian companies who rush everything, lie about credentials, and generally just don't give a shit. Hmm, I wonder what led to this.
  • Sure, that's a lot of valuable data. But what pharmaceutical company would want to touch that, maybe some fly-by-night small foreign players. But anyone who would get close to dropping $25 million is going to avoid the liability like the plague.

    • by Slayer ( 6656 )

      Any high roller pharmaceutical company would quickly found a small startup with enough separation to provide plausible denial, then fund it with the cash required to get that data. Whatever trade secrets are in these 1+TB, knowing them is worth way more that these 25M.

"It's my cookie file and if I come up with something that's lame and I like it, it goes in." -- karl (Karl Lehenbauer)

Working...