FulcrumSec, a cyber extortion collective that the group says emerged in October 2025, posted a lengthy message on its website on Tuesday claiming it exfiltrated more than a terabyte of material from global pharmaceutical company Novo Nordisk after spending in excess of two months inside the firm's networks.
According to the posting, the stolen data set includes company source code, proprietary information on both released and unreleased medicines, clinical trial data, personal details for employees, physicians and roughly 11,500 pseudonymised clinical trial participants, information tied to production facilities and internal artificial intelligence model material.
FulcrumSec said it opened a channel with Novo Nordisk seeking payment of $25 million, which the group alleges the company did not provide. After that refusal, the group said it is "exploring private sales" of certain drug-related records and other internal files. The group stated it would not distribute some categories of data, including information on thousands of company employees and physicians and the approximately 11,500 pseudonymised clinical trial subjects. It also said it would withhold material related to operational technology and software that interacts with sensors and machinery at production sites, describing that withholding as part of a "harm-reduction strategy."
On June 11 the Danish company publicly disclosed a cybersecurity incident, saying that unauthorized access had been detected involving a limited number of internal IT systems and that certain personal data had been accessed. Novo Nordisk did not immediately reply to a request for comment about the specific claims made by FulcrumSec. The extortion group also did not immediately answer requests for comment on the assertions posted to its website. Reuters could not immediately verify the authenticity of the data published by the group.
Thomas Willkan, head of research at cybersecurity firm Lab-1 who has been tracking FulcrumSec closely, said the group is "usually quite legit in terms of both their capabilities and also their claims." The post and subsequent reporting identify a file list of more than 700,000 items, representing roughly 1.3 terabytes of data, that FulcrumSec presented in correspondence it says began on June 1.
Independent cybersecurity-focused outlets reported related developments. A blog covering data breaches and extortion reported on June 15 that FulcrumSec told the blog it first gained access to Novo Nordisk's network in March and shared alleged correspondence starting June 1 listing the files. Separately, a malware research repository reported that an unnamed hacker had compromised Novo Nordisk, though FulcrumSec said its claimed attack is separate from that reporting.
FulcrumSec's public statement asserts a wide range of sensitive categories were taken, spanning software assets, clinical materials and personal data. The group also set out limits on what it will publicly release, indicating a selective approach to distribution. Novo Nordisk is widely known for treatments for obesity and diabetes, including Wegovy and Ozempic, and the company has acknowledged the cybersecurity incident while the claims by the extortion group remain unverified by independent parties.
Summary of known facts:
- FulcrumSec claims it spent more than two months inside Novo Nordisk networks and stole roughly 1.3 terabytes of data.
- The group says it sought $25 million from Novo Nordisk and, after the company did not pay, is exploring private sales of some files while withholding certain personal and operational data.
- Nov o Nordisk disclosed unauthorized access to a limited number of internal IT systems on June 11; neither the company nor FulcrumSec immediately responded to requests for comment and independent verification of the posted data has not been established.