A hacking group is threatening to sell more than a terabyte of stolen Novo Nordisk data after the pharmaceutical giant refused to pay a $25 million ransom demand, Reuters reported on Tuesday.
FulcrumSec, a cyber extortion group that emerged in October 2025, said in a message posted to its website that the stolen data includes company source code, proprietary information on released and unreleased drugs, clinical trial data, employee, doctor and patient data, production facility information and internal AI model data.
The group said it spent more than two months inside Novo Nordisk's networks before making the demand. The Danish company, known as the maker of Wegovy and Ozempic, disclosed a cybersecurity incident on June 11 involving unauthorized access to a limited number of internal IT systems. Novo Nordisk did not immediately respond to the media request for comment on FulcrumSec's claims. Reuters said it could not independently verify the authenticity of the data.
FulcrumSec said it is now exploring private sales of some of the stolen data related to certain drugs and other internal information.
The group said it would withhold some of what it took, including information on thousands of employees and physicians, roughly 11,500 pseudonymised clinical trial patients, and operational technology data related to Novo Nordisk's production facilities, describing the decision as part of a harm-reduction strategy.
Thomas Willkan, head of research at cybersecurity firm Lab-1, told Reuters that FulcrumSec is "usually quite legit in terms of both their capabilities and also their claims."
DataBreaches.net, a cybersecurity blog, reported separately that FulcrumSec told the site it gained access to Novo Nordisk's network in March and shared purported correspondence with the company beginning June 1, including a list of more than 700,000 files totalling roughly 1.3 terabytes.
