Novo Nordisk (NVO) Stock: Hackers Claim $25M Ransom Refusal Led to Data Leak

TLDR

• Cyber extortion group FulcrumSec claims it stole over 1.3 terabytes of data from Novo Nordisk after the company refused a $25 million ransom demand.
• Stolen data allegedly includes source code, proprietary drug information, clinical trial records, and internal AI model files.
• FulcrumSec says it gained access via a GitHub access token discovered in March and spent over two months inside Novo Nordisk’s networks.
• Novo Nordisk disclosed a cybersecurity incident on June 11, confirming unauthorized access to certain internal IT systems and personal data.
• The group says it is now exploring private sales of select data portions, while vowing to withhold patient, employee, and manufacturing-related data.

Novo Nordisk confirmed a cybersecurity incident on June 11, saying unauthorized access had been gained to a limited number of internal IT systems. That disclosure came days after a ransomware and extortion group called FulcrumSec had already been inside the company’s networks for months.

NVO stock was trading around $66 at the time of the disclosure. The stock has faced pressure in recent months, and this breach adds another layer of uncertainty.

Novo Nordisk A/S, NVO

FulcrumSec says it first got in through a GitHub access token discovered in March. That token gave the group access to internal code repositories, which it used to pull additional login credentials and dig deeper into Novo Nordisk’s systems.

By the group’s own account, it spent more than two months inside the network. It claims to have walked out with approximately 1.3 terabytes of data spread across more than 700,000 individual files.

The group reached out to unnamed Novo Nordisk executives and demanded $25 million. The company made contact on June 3 — roughly 48 hours after that initial outreach — using a Proton Mail address to confirm it was actually the company. Novo Nordisk then declined to pay.

With the ransom rejected, FulcrumSec says it is now exploring private sales for select parts of the data haul.

The group told Reuters it would actually prefer to release the data publicly, calling it “a more effective deterrent for future companies to avoid paying.”

What Data Was Taken

FulcrumSec claims the stolen files include source code, proprietary information on both marketed and pipeline drugs, clinical trial data, and details tied to Novo Nordisk’s manufacturing operations.

It also claims to have internal AI model files. That detail carries weight given Novo Nordisk’s announced partnership with OpenAI, which was set to integrate AI across drug discovery, manufacturing, and commercial operations by late 2026.

The group says it will not release certain categories of data. That includes records on thousands of employees and physicians, data on roughly 11,500 pseudonymized clinical trial patients, and operational technology files from Novo Nordisk’s production facilities.

FulcrumSec described this as part of its “harm-reduction strategy.”

Credibility Assessment

Thomas Willkan, head of research at cybersecurity firm Lab-1, told Reuters the group is “usually quite legit in terms of both their capabilities and also their claims.” Willkan has closely tracked FulcrumSec since it first emerged in October 2025.

Reuters said it could not immediately verify the authenticity of the data posted by the group.

A Novo Nordisk spokesperson said the company “is aware of claims that data allegedly copied externally without authorisation from our systems has been published online,” and confirmed contact with relevant authorities.

DataBreaches.net reported on June 15 that FulcrumSec shared purported correspondence with Novo Nordisk starting June 1, including a file list of more than 700,000 items totaling roughly 1.3 terabytes.

VX-Underground also reported on Monday about an unnamed hacker compromising Novo Nordisk. FulcrumSec says its attack is separate from that incident.

The post Novo Nordisk (NVO) Stock: Hackers Claim $25M Ransom Refusal Led to Data Leak appeared first on CoinCentral.