Novo Nordisk hit by FulcrumSec: the stealer logs saw it coming

By Ransomnews Research Team · June 17, 2026 · 8 Mins Read

Novo Nordisk, the Danish maker of Ozempic and Wegovy, has been breached by a cyber-extortion crew calling itself FulcrumSec, which claims it stole 1.3 terabytes and around 700,000 files and demanded 25 million dollars. Novo Nordisk refused to pay, and on 15 June the group started leaking. The haul reportedly includes clinical-trial patient data, drug research and source code, plus something we have not seen stolen at this scale before: the company’s internal AI models. Novo Nordisk has confirmed unauthorised access to some of its IT systems.

// KEY FACTS

  • Threat actor: FulcrumSec
  • Victim: Novo Nordisk · Pharmaceuticals · Denmark
  • Timeline: Attack: 2026-06-07 · Disclosed: 2026-06-16
  • Data claimed: claimed 1.3 TB / 700,000+ files · Clinical-trial patient data, drug research, source code, internal AI/ML model assets
  • Ransom status: $25M demanded, refused, data being leaked
  • Verification: Claimed by FulcrumSec on its leak site; Novo Nordisk confirmed unauthorised access to internal IT systems and exposure of pseudonymised clinical-trial data; AI-asset claims not confirmed by Novo Nordisk

FulcrumSec’s claims are one thing. What the data says is another, so we pulled the group’s full record from our Ransomtracker and ran novonordisk.com through our stealer-log index. Together those two datasets explain both who hit Novo Nordisk and why the company was a sitting duck.

Who is FulcrumSec?

FulcrumSec is a data-theft extortion group, not a classic file-encrypting locker, and our Ransomtracker has its full rap sheet. The crew has claimed 25 victims in 2026, and the shape of that activity is the tell. Twenty-one of them landed in a single April dump of mid-tier targets, names like Arup Group, Interzero and Stuf Storage, after which the group went quiet for two months. Novo Nordisk, listed on 16 June, is the only heavyweight on the entire list and the biggest scalp the crew has ever claimed.

[Figure: bar chart of FulcrumSec claimed victims in 2026: April 21, May 2, June 2 (including Novo Nordisk). Source: ransomnews.com Ransomtracker.]

There is no public evidence that anything on Novo Nordisk’s network was encrypted. The play is the one that has taken over ransomware in 2026: get in, take everything worth taking, and threaten to publish or sell it unless the victim pays. FulcrumSec runs a clearnet leak site at fulcrumsec.net and a Tor mirror, says it had access since March, opened a dialogue with the company on 1 June, and started posting samples and a file tree once the 25 million dollar demand went nowhere. The databreaches.net scoop and the group’s own leak-site post line up on the timeline.

What did they actually take?

Two very different kinds of data, and that is what makes this nasty. The first is the obvious target: clinical-trial information. Novo Nordisk has confirmed that data copied in the incident belongs to patients in select trials, including pseudonymised patient IDs, sex, year of birth, biomarkers, health and immunogenicity data, and lifestyle factors like BMI and smoking status. The company is careful, and correct, to point out that there are no full names or direct identifiers in that set, so re-identifying a person would need other data the attackers did not get. It rates the immediate patient risk as low. Fair enough.

The second kind is the one that should make every pharma CISO sit up. FulcrumSec published a detailed inventory of Novo Nordisk’s internal AI and machine-learning assets: a 16.7 GB multimodal model checkpoint that reportedly handles text, image and transcriptomic data, around 407 MB of proprietary biological and chemical training datasets, roughly 50 MB of source code for an internal tool the group calls NovoPert, complete logs from 113 training runs, plus HPC infrastructure maps, Slurm scheduler configs, SSH settings, about 53 GB of internal container images, developer identities and private GitHub URLs. Novo Nordisk has not confirmed or denied the AI claims. If even part of that is genuine, this is not a data breach in the ordinary sense. It is the theft of a drug-discovery research programme.

Why stealing the models matters more than the files

Novo Nordisk has bet heavily on AI. It backed Denmark’s first AI supercomputer and runs machine learning through drug discovery, molecular design and trial optimisation. A model checkpoint plus its training data and pipeline code is the distilled output of years of that work, and unlike a stolen customer database it does not lose value when it leaks. A competitor, or a state-backed lab, that gets hold of a trained multimodal model for biological data inherits capability, not just records. FulcrumSec clearly understands this, because it is reportedly dangling the data in front of rival firms as the alternative to a payout. Extortion groups have spent years monetising shame and regulatory fear. Selling stolen R&D to a competitor is a different and more durable business model.

What the stealer logs show

Here is where our second dataset earns its keep. We ran novonordisk.com through the stealer-log index behind our Stealercheck tool, and the company is heavily represented in the infostealer economy. The logs hold 211 sets of employee credentials tied to novonordisk.com addresses and 580 logins captured directly on Novo Nordisk’s own pages, all harvested by commodity infostealer malware. Sitting alongside them are 2,932 session cookies.

[Figure: bar chart of Novo Nordisk infostealer exposure: 2,932 session cookies, 580 customer logins, 211 employee logins. Source: ransomnews.com Stealercheck analysis.]

The session cookies are the part that should worry a defender most. A stolen but still-valid cookie lets an attacker resume a logged-in session with no password and no multi-factor prompt, which is how a large share of modern intrusions actually begin. Our index also holds more than 15,000 Novo Nordisk records across older breach and combolist dumps, the slower-burning half of the same exposure. We cannot prove from the outside that any single stolen login was FulcrumSec’s way in, and we are not going to claim it was. What we can say is that the credential supply chain that feeds intrusions like this one was wide open and well stocked the whole time. By the time a company lands on a leak site, the warning signs were usually sitting in stealer logs for weeks. Nobody was reading them.

What Novo Nordisk says

To the company’s credit, it has not gone quiet. Novo Nordisk says it identified unauthorised access to a limited number of internal IT systems on 11 to 12 June, brought in external investigators, notified regulators and law enforcement, and kept drug production and supply chains running. It confirmed the clinical-trial data exposure, framed the patient risk as low because the records are pseudonymised, and told patients to stay alert. It has pointedly not validated FulcrumSec’s AI-asset inventory, which is the responsible position until forensics are done, though it is also the claim the company would least want to confirm.

What this means for pharma

Pharmaceutical and biotech firms have quietly become the highest-value targets on the internet, and this incident shows why. They hold three things at once that criminals can turn into money: regulated patient data that triggers fines and lawsuits, proprietary drug research worth billions, and now trained AI models that compress that research into a portable file. An attacker no longer has to choose. The defensive takeaways are not exotic. Treat infostealer infections as breaches and monitor for your own domains in the stealer-log ecosystem, because the credentials feeding these intrusions are observable before the intrusion. Put AI research infrastructure, model registries, container images and GitHub access behind the same controls as crown-jewel data, because that is now what it is. Move privileged access to phishing-resistant authentication that does not mint replayable session cookies. Our guide to dark-web and infostealer monitoring covers the tooling, and you can check your own exposure with Stealercheck.
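
A defender-side triage sketch for the monitoring advice above, added here as an example and not Ransomnews or Stealercheck code: it sorts a stealer-log feed into the same three buckets the article counts (employee logins, logins captured on company pages, session cookies) and separates still-usable cookies, which need session revocation rather than a password reset. The domain example.com, the URL/Username/Password block layout and every sample record are constructed assumptions; real stealer-log layouts vary by malware family.

```python
from urllib.parse import urlsplit

DOMAIN = "example.com"  # assumption: the organisation's own domain
NOW = 1781654400        # constructed "current" time: 2026-06-17 00:00 UTC

# Constructed sample records (assumed layout, secrets redacted).
PASSWORDS = """\
URL: https://sso.example.com/login
Username: a.jensen@example.com
Password: <redacted>

URL: https://portal.example.com/account
Username: patient77@mail.test
Password: <redacted>

URL: https://github.com/login
Username: dev.k@example.com
Password: <redacted>
"""
# Netscape cookie-file fields: domain, subdomain flag, path, secure, expiry, name, value
COOKIES = (
    ".example.com\tTRUE\t/\tTRUE\t1784246400\tsession\t<redacted>\n"
    "sso.example.com\tFALSE\t/\tTRUE\t1700000000\tsid\t<redacted>\n"
    ".other.test\tTRUE\t/\tFALSE\t1784246400\tid\t<redacted>\n"
)

def in_domain(host, domain=DOMAIN):
    host = host.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(passwords, cookies, now=NOW):
    out = {"employee": [], "customer": [], "live_cookies": [], "expired_cookies": 0}
    for block in passwords.strip().split("\n\n"):
        rec = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        user, host = rec.get("Username", ""), urlsplit(rec.get("URL", "")).hostname or ""
        if in_domain(user.rpartition("@")[2]):
            out["employee"].append((user, host))  # corporate identity, on any site
        elif in_domain(host):
            out["customer"].append((user, host))  # outside identity on our own pages
    for line in cookies.splitlines():
        f = line.split("\t")
        if len(f) == 7 and in_domain(f[0]):
            exp = int(f[4])
            if exp == 0 or exp > now:  # 0 = browser-session cookie, lifetime unknown
                out["live_cookies"].append((f[0], f[5]))  # revoke server-side
            else:
                out["expired_cookies"] += 1
    return out
```

Employee hits call for a credential reset and a review of the infected endpoint; every entry in `live_cookies` calls for server-side session invalidation, since a password change alone does not kill an already-issued session.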

Novo Nordisk will survive this. It is one of Europe’s most valuable companies and its factories never stopped. The harder question is what happens to the models, because once a trained AI checkpoint is loose, no ransom payment and no court order puts it back in the box.

Frequently asked questions

Who attacked Novo Nordisk?

A data-theft extortion group called FulcrumSec. Our Ransomtracker has it at 25 claimed victims in 2026, mostly mid-tier names. It says it stole about 1.3 TB and 700,000 files from Novo Nordisk, demanded 25 million dollars, and began leaking on 15 June 2026 after the company refused to pay.

Was Novo Nordisk’s data encrypted with ransomware?

There is no public evidence of file encryption. This is a data-theft extortion attack, the dominant model in 2026, where the leverage is the threat to publish or sell stolen data rather than to lock it.

What data was stolen?

FulcrumSec claims clinical-trial patient data, drug research, source code and internal AI models. Novo Nordisk has confirmed exposure of pseudonymised clinical-trial data and has not confirmed the AI-asset claims.

Is patient data at risk?

Novo Nordisk says the exposed clinical-trial records are pseudonymised, with no full names or direct identifiers, and rates the immediate risk to patients as low. It still advises affected patients to stay vigilant.

Were stolen credentials involved?

We cannot confirm the entry point, but Novo Nordisk was already heavily exposed before the breach surfaced. Our stealer-log index shows 211 employee and 580 customer credentials for novonordisk.com in infostealer logs, plus 2,932 harvested session cookies. The credential supply chain that feeds these intrusions was active throughout.

Sources and further reading

  • Novo Nordisk, incident update (official disclosure)
  • DataBreaches.net, FulcrumSec leaks Novo Nordisk data after $25M demand goes unpaid
  • SecurityWeek, Ozempic maker Novo Nordisk says hackers breached IT systems
  • Victim listing and group activity: Ransomnews Ransomtracker, pulled 17 June 2026
  • Stealer-log and exposure figures: Stealercheck, powered by the alerts.bar index, queried 17 June 2026

Reporting by the Ransomnews Research Team, combining our Ransomtracker leak-site monitoring with first-party stealer-log telemetry. We do not link to leak sites or reproduce stolen data.
