Europe’s biggest pharma company Novo Nordisk ‘hacked’

Europe’s biggest pharma company Novo Nordisk has been hit by a cyberattack, with cyber extortion group FulcrumSec claiming it spent more than two months inside the company's network and stole more than one terabyte of data.

According to a Reuters report, the hacking group said it gained access to Novo Nordisk's systems, collected sensitive information and later demanded $25 million from the company. After Novo Nordisk allegedly refused to pay, FulcrumSec said it is now exploring selling parts of the stolen data. Reuters said it could not independently verify the authenticity of the information released by the group.

Cyber group FulcrumSec claims it stole sensitive company data

In a message posted on its website, FulcrumSec claimed it spent more than two months inside Novo Nordisk's network gathering data.

The group said the stolen information includes company source code, internal documents, information related to released and unreleased drugs, clinical trial data, employee records, doctor and patient information, production facility details and information related to internal AI models.FulcrumSec emerged in October 2025 and has since been linked to several cyber extortion operations.

Novo Nordisk confirms cyberattack claims

A Novo Nordisk spokesperson told Reuters that the company is aware of claims that data allegedly copied from its systems has been published online.

The company, the spokesperson said, "is aware of claims that data allegedly copied externally without authorisation from our systems has been published online. We take this matter seriously and maintain continued operations of our main platforms. We are in contact with the relevant authorities." The company added that its major platforms continue to operate normally.

Cyber group allegedly demanded $25 million

According to the report, FulcrumSec said it contacted Novo Nordisk executives and later demanded $25 million.

The group claimed Novo Nordisk refused to pay the ransom demand.Consequently, FulcrumSec said it was "exploring private sales" of some of the stolen information, including data related to certain drugs and internal company operations. However, the group said it would not release some categories of information, including data linked to thousands of employees, physicians and approximately 11,500 pseudonymised clinical trial participants.