Healthcare / Pharmaceuticals (diabetes & obesity care) / Global research and manufacturing pharma / Denmark-headquartered, global
Danish multinational pharmaceutical company, a global leader in diabetes and obesity care, maker of insulin and GLP-1 therapies such as Ozempic and Wegovy.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
On June 11, 2026, Novo Nordisk confirmed unauthorized access to a limited set of internal systems after the actor FulcrumSec used a GitHub access token (reportedly obtained in March 2026) to dwell in its cloud and code infrastructure for more than two months. FulcrumSec claimed a 1.3TB trove including source-code repositories, drug-compound structures, AI models, roughly 11,500 pseudonymized clinical-trial patient records and more than 163,000 employee records, demanding about $25 million; a separate actor, TheUSERS007, demanded $50 million. Roughly 23,000 records are tracked as circulating in this entry; the larger figures are actor claims, and partial data has been leaked following non-payment.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
23k rows records analyzed
Novo Nordisk is a Danish multinational pharmaceutical company founded in 1923 and headquartered in Bagsvaerd, Denmark, and one of the world's largest makers of diabetes and obesity treatments, including insulin and GLP-1 therapies such as Ozempic and Wegovy. It runs global research, clinical-trial and manufacturing operations and employs tens of thousands of people worldwide.
As a research-driven pharmaceutical company, Novo Nordisk holds clinical-trial participant data (typically pseudonymized), healthcare-professional records, employee data, and highly sensitive intellectual property including drug-compound structures, source code and manufacturing processes. The personal-data exposure centers on trial patients, healthcare professionals and staff.
On June 11, 2026 Novo Nordisk detected unauthorized access to a limited number of internal systems; FulcrumSec claimed a 1.3TB exfiltration (partially leaked after non-payment of a reported $25M demand), and a separate actor, TheUSERS007, also claimed access. Novo declined to pay and engaged incident responders.
Beyond the personal-data exposure of clinical-trial patients, healthcare professionals and employees, the incident threatens Novo Nordisk's core intellectual property (compound libraries, AI models, manufacturing processes), a strategic and competitive risk unusual for a personal-data breach. It carries multi-jurisdiction regulatory notification, including GDPR and health-data regimes, and litigation exposure, and the dual-actor extortion raises the likelihood of staged public leaks.
A healthcare-linked breach: exposure ties a named individual to a provider relationship and, where clinical or insurance data is present, to conditions and treatment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Motivation: Financial extortion
A cloud-focused data-extortion / hack-and-leak actor active since ~September-October 2025 specializing in high-speed exfiltration of cloud-hosted data rather than encryption; ~25 claimed victims across 11 countries incl. Novo Nordisk, LexisNexis and Avnet.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation