Hackers Hit the World's Biggest Pharma Company. Then They Got Greedy.
A hacking group claims it stole over a terabyte of Novo Nordisk's most sensitive data, including AI models, drug formulas, and clinical trial records, then demanded $25 million. The company refused to pay. Now the data is hitting the dark web.
The $25 Million Shakedown
Somewhere inside Novo Nordisk's network, uninvited guests had been living rent-free for two months. By the time the Danish pharma giant noticed, the damage was done.
A hacking group calling itself FulcrumSec claims it infiltrated Novo Nordisk's internal systems back in March 2026 and spent weeks quietly vacuuming up data. Their alleged haul: over 1.3 terabytes of files, spanning everything from clinical trial records to proprietary AI models. Their price to make it all go away? $25 million.
Novo Nordisk didn't pay.
Now the hackers say they're shopping the data to private buyers, and some of it is already leaking onto the dark web. Welcome to the most brazen cyberattack the pharma industry has seen in years.
What Novo Nordisk Admits (and What It Won't)
On June 11, Novo Nordisk disclosed that someone had gained "unauthorised access to a limited number of internal IT systems" and copied non-public data, including personal information. The company took some internal systems offline, brought in outside cybersecurity experts, and began notifying affected individuals.
So far, Novo Nordisk has confirmed a fairly specific, limited scope of damage. The stolen clinical trial data covers roughly 11,500 trial participants and was pseudonymized, meaning it uses random ID codes instead of actual names. The dataset includes things like sex, year of birth, biomarkers, BMI, smoking status, and immune response data. No names, no addresses, no national ID numbers.
Some healthcare provider data also got scooped up: names, email addresses, phone numbers, WhatsApp contacts, and office locations of doctors involved in trials.
The company's core message has been consistent: essential business functions are unaffected. Manufacturing and supply of its blockbuster drugs Ozempic and Wegovy continue to hum along. Translation: don't panic, investors.
But here's what Novo Nordisk hasn't confirmed: basically everything FulcrumSec claims about the scale of the attack.
Get tomorrow's biotech intelligence before your competitors.
Join thousands of biotech professionals who start their day with our free, daily briefing.
The Hackers' Version Is Way Scarier
If FulcrumSec's claims are accurate (and cybersecurity researchers say at least some of the evidence checks out), this breach goes far beyond patient records. Think of it like someone breaking into your house and stealing not just your wallet, but your blueprint collection, your secret recipes, and your self-driving car's brain.
The group claims to have stolen:
4,748 source-code repositories for internal systems
Over 41,000 proprietary drug compounds with their chemical structures
Data on five undisclosed drug programs (i.e., drugs the public doesn't even know about yet)
30+ trained AI models and 73 datasets used in drug discovery
Nearly half a terabyte of proprietary microscopy images used for research
The exact manufacturing recipe for one of Novo Nordisk's major drugs
Records on more than 163,000 employees
To back up their claims, FulcrumSec has posted screenshots of internal logins, clinical file directories, and AI architecture samples. About 264 GB of data is reportedly already available for download on their dark-web leak site.
Novo Nordisk has acknowledged "allegations regarding the unauthorized external publication of data" but hasn't validated the attackers' description of what was taken. The gap between the company's "limited incident" framing and the hackers' "we have everything" narrative is enormous.
Why AI Models Are the Real Crown Jewels
Forget patient names for a second. The most alarming part of this breach, if confirmed, isn't the clinical data. It's the AI.
Modern pharma companies like Novo Nordisk pour billions into building machine learning models that can predict which drug candidates will work, analyze microscopy images, and accelerate the entire discovery process. These models represent years of training on proprietary data. They are, in many ways, the competitive moat around the business.
Cybersecurity analysts say most pharma security programs were designed to protect patient records and manufacturing systems. AI model weights, training datasets, and feature stores? Those often sit in a poorly guarded gray zone between business IT and regulated systems. Nobody red-teams the drug discovery pipeline.
If someone gets your trained AI models and the data behind them, they could theoretically clone your discovery engine, reverse-engineer your drug strategy, or identify weaknesses to exploit in future attacks. One analyst described it as stealing not just the treasure, but the map to find more of it.
The Bigger Picture: Pharma Is Getting Hammered
Novo Nordisk isn't an isolated case. It's the highest-profile domino in a cascade that's been building for years.
In February 2024, pharma distributor Cencora suffered a data breach that cascaded into at least 27 pharmaceutical companies, including Bayer, Novartis, and AbbVie. In August 2025, research firm Inotiv got hit with ransomware; the Qilin gang claimed 176 GB of stolen data. Swiss company Octapharma had to temporarily close more than 150 plasma donation centers in the U.S. after a 2024 cyber incident.
The pattern is clear and accelerating. The attackers have figured out that pharma companies sit on some of the most valuable data in the world: drug formulas, clinical trial results, patient health records, AI-powered research tools. It's like discovering that the bank vault was guarded by a screen door.
Wall Street Shrugged
You might expect the stock of the world's most targeted pharma company to crater. It didn't.
Novo Nordisk shares showed no significant drop specifically tied to the breach news. In the week the story broke, the stock on the Copenhagen exchange was actually up about 4.6% over five days. The ADR on the NYSE held steady around $43.
Two analysts even raised their price targets during the news cycle. Berenberg bumped its target to 325 DKK with a buy rating on June 18, one day after the hacking headlines hit. The market's verdict, at least for now: this is a problem, not a crisis.
That said, Novo Nordisk was already nursing much deeper wounds. The stock has fallen roughly 50-60% over the past year and sits about 70-75% below its mid-2024 peak of roughly $650 billion, when GLP-1 mania was at fever pitch. Today the company is worth around $191 billion. The cyber breach landed on a stock that had already been through a meat grinder.
What Happens Next
Novo Nordisk's investigation is ongoing, and the real question is whether the company's "limited incident" characterization holds up as more data leaks out. If FulcrumSec's claims about manufacturing recipes, undisclosed drug programs, and AI models prove accurate, the regulatory and competitive fallout could be severe.
Under GDPR and the EU's NIS2 Directive, Novo Nordisk faces potential obligations around breach notification and data protection that go well beyond a press release. And cybersecurity experts warn that even the possibility of unauthorized access to research environments creates data integrity concerns: investigators may need to verify that nothing was tampered with, which could affect ongoing trials.
The scariest scenario isn't even the leak itself. It's the private sale. FulcrumSec has said it's considering selling specific drug data and AI assets to interested buyers. If proprietary compound libraries and trained models end up in a competitor's hands (or a nation-state's), the damage won't show up on a balance sheet for years.
Pharma's cybersecurity reckoning has been building for a long time. Novo Nordisk just became its poster child.
Clinical & Regulatory
5 min read
Big Pharma Is Spending $300 Billion to Avoid a Single Tax
The Trump administration threatened 100% tariffs on imported branded drugs. Pharma's response? Over $300 billion in pledged U.S. manufacturing investments, a wave of direct-to-consumer sales channels, and the biggest reshoring scramble the industry has ever seen.
