Key Points FulcrumSec, a cybercrime extortion operation, alleges it extracted more than 1.3 terabytes of confidential files from Novo Nordisk following the company’s decision to reject a $25
On June 11, Novo Nordisk publicly acknowledged a security incident, reporting that intruders had obtained unauthorized entry to a restricted set of internal technology systems. This announcement followed months during which FulcrumSec, a ransomware and extortion collective, had allegedly maintained concealed access to the pharmaceutical giant’s digital infrastructure.
JUST IN: Hacking group claims it stole more than 1TB of data from Novo Nordisk after the company refused a $25 million extortion demand.
— Polymarket (@Polymarket) June 17, 2026
At the moment of the public disclosure, NVO stock was hovering near $66. The shares have experienced downward pressure over recent months, and this cybersecurity episode introduces additional complications for investors.
According to FulcrumSec, their initial entry point was a GitHub authentication token they located in March. This credential provided them with entry to internal software repositories, which they subsequently leveraged to harvest additional login information and expand their foothold within Novo Nordisk‘s digital environment.
The group asserts it maintained undetected presence within the network for over two months. During this period, they claim to have exfiltrated approximately 1.3 terabytes of information encompassing more than 700,000 separate files.
FulcrumSec contacted undisclosed executives at Novo Nordisk with a $25 million payment demand. The pharmaceutical company responded on June 3—about 48 hours following the initial contact—using a Proton Mail account to authenticate their identity. Subsequently, Novo Nordisk refused to meet the payment terms.
Following the rejection, FulcrumSec indicates it is now pursuing selective private transactions for specific segments of the stolen information.
The threat actors informed Reuters they would actually prefer public disclosure of the materials, characterizing it as “a more effective deterrent for future companies to avoid paying.”
FulcrumSec alleges the compromised files encompass source code, confidential details regarding both commercialized and developmental pharmaceuticals, clinical research data, and information connected to Novo Nordisk’s production operations.
The group also claims possession of internal artificial intelligence model files. This particular element carries significance considering Novo Nordisk’s publicized collaboration with OpenAI, which aimed to embed AI capabilities throughout drug development, production processes, and business operations by the end of 2026.
FulcrumSec maintains it will withhold certain data categories from release. These protected materials include documentation on thousands of staff members and medical professionals, information concerning approximately 11,500 anonymized clinical trial participants, and operational technology files from Novo Nordisk’s manufacturing locations.
The collective characterized this selective withholding as component of its “harm-reduction strategy.”
Thomas Willkan, research director at cybersecurity organization Lab-1, informed Reuters that FulcrumSec is “usually quite legit in terms of both their capabilities and also their claims.” Willkan has maintained close surveillance of FulcrumSec since the group’s first appearance in October 2025.
Reuters noted it could not immediately authenticate the legitimacy of the materials published by the threat actors.
A representative from Novo Nordisk stated the organization “is aware of claims that data allegedly copied externally without authorisation from our systems has been published online,” and verified communication with appropriate regulatory bodies.
DataBreaches.net documented on June 15 that FulcrumSec provided alleged communications with Novo Nordisk beginning June 1, including a catalog of over 700,000 items totaling approximately 1.3 terabytes.
VX-Underground also published a report on Monday regarding an unidentified threat actor compromising Novo Nordisk. FulcrumSec maintains its intrusion represents a distinct incident from that reported breach.
The post Novo Nordisk (NVO) Stock Under Pressure as Hackers Leak Stolen Data After Ransom Rejection appeared first on Blockonomi.
