Overview
- Novo Nordisk confirmed unauthorized access to a limited set of internal IT systems and said certain data was copied, including pseudonymized clinical-trial records and identifiable healthcare‑provider contact details.
- The extortion group FulcrumSec has publicly claimed responsibility, saying it stole about 1.3 terabytes and more than 700,000 files and demanded a $25 million ransom before warning it may sell parts of the haul.
- Novo Nordisk engaged external cybersecurity experts, notified authorities, and temporarily took some systems offline as it investigates and restores affected services.
- Security researchers warn that pseudonymized trial data can be re‑identified when combined with other exposed data, and that alleged theft of source code and AI model assets would pose separate intellectual‑property and operational risks.
- As of June 17, independent verification of the full archive posted by FulcrumSec has not been confirmed and regulators in Europe may review the company’s handling of the breach under data‑protection rules.