Novo Nordisk 2026 Data Breach

Novo Nordisk 2026 Data Breach

Healthcare / Pharmaceuticals (diabetes & obesity care) / Global research and manufacturing pharma / Denmark-headquartered, global

Novo Nordisk 2026 Data Breach

Danish multinational pharmaceutical company, a global leader in diabetes and obesity care, maker of insulin and GLP-1 therapies such as Ozempic and Wegovy.

Confirmed · ObscureIQ Intelligence
Breach Risk Index i
88/100
Lower riskHigher risk
High and current: recent, valuable data circulating on the dark web now.
Data Sensitivity i
Elevated
Exposed data raises the risk of fraud, targeting, and impersonation. Proactive steps are warranted.
23k rowsRecords
2026Year

The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.

Crucial data exposed
PHI / MedicalMedical Diagnosis
Classification Tags
FulcrumSecHealthcarePharmaceuticalsClinical-Trial Patients2026

Breach Summary

On June 11, 2026, Novo Nordisk confirmed unauthorized access to a limited set of internal systems after the actor FulcrumSec used a GitHub access token (reportedly obtained in March 2026) to dwell in its cloud and code infrastructure for more than two months. FulcrumSec claimed a 1.3TB trove including source-code repositories, drug-compound structures, AI models, roughly 11,500 pseudonymized clinical-trial patient records and more than 163,000 employee records, demanding about $25 million; a separate actor, TheUSERS007, demanded $50 million. Roughly 23,000 records are tracked as circulating in this entry; the larger figures are actor claims, and partial data has been leaked following non-payment.

Full threat analysis, exploitation vectors, and principal guidance below.

10 additional sections · verified field analysis · defensive doctrine

Querying breach corpus…
Cross-referencing exposed field types…
Resolving threat-actor attribution…
Compiling principal risk advisory…

23k rows records analyzed

About Novo Nordisk

Novo Nordisk is a Danish multinational pharmaceutical company founded in 1923 and headquartered in Bagsvaerd, Denmark, and one of the world's largest makers of diabetes and obesity treatments, including insulin and GLP-1 therapies such as Ozempic and Wegovy. It runs global research, clinical-trial and manufacturing operations and employs tens of thousands of people worldwide.

Why They Hold Your Data

As a research-driven pharmaceutical company, Novo Nordisk holds clinical-trial participant data (typically pseudonymized), healthcare-professional records, employee data, and highly sensitive intellectual property including drug-compound structures, source code and manufacturing processes. The personal-data exposure centers on trial patients, healthcare professionals and staff.

Recent Developments

On June 11, 2026 Novo Nordisk detected unauthorized access to a limited number of internal systems; FulcrumSec claimed a 1.3TB exfiltration (partially leaked after non-payment of a reported $25M demand), and a separate actor, TheUSERS007, also claimed access. Novo declined to pay and engaged incident responders.

Data Points Exposed

1 verified field types
Medical Diagnosis Critical

Breach Impact

Beyond the personal-data exposure of clinical-trial patients, healthcare professionals and employees, the incident threatens Novo Nordisk's core intellectual property (compound libraries, AI models, manufacturing processes), a strategic and competitive risk unusual for a personal-data breach. It carries multi-jurisdiction regulatory notification, including GDPR and health-data regimes, and litigation exposure, and the dual-actor extortion raises the likelihood of staged public leaks.

Principal Risk Advisory

What this means for a principal

A healthcare-linked breach: exposure ties a named individual to a provider relationship and, where clinical or insurance data is present, to conditions and treatment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.

What You Should Do

  1. Watch for medical-benefit fraud and health-themed phishing that references real provider relationships.
  2. Do not use unofficial 'am I affected' lookups; several are themselves harvesting operations.

How ObscureIQ Can Help

  1. Corpus confirmation: determine whether and where the principal (plus household and staff) appear in this dataset and which specific fields are exposed for them.
  2. Exposure mapping: cross-reference the exposed identifiers against broker-available data to size and prioritize the principal's wider footprint.
  3. ThreatWatch tuned to this incident's identifiers and misuse pattern (impersonation and targeting patterns, not generic credential monitoring).
F
Threat Actor: FulcrumSecConfidence: High
Data extortion group

Motivation: Financial extortion
A cloud-focused data-extortion / hack-and-leak actor active since ~September-October 2025 specializing in high-speed exfiltration of cloud-hosted data rather than encryption; ~25 claimed victims across 11 countries incl. Novo Nordisk, LexisNexis and Avnet.

Read the full threat-actor profile →

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation