Novo Nordisk Data Leak: Hackers Expose AI Drug Models

  • FulcrumSec infiltrated Novo Nordisk in March via an exposed GitHub token, spending more than two months inside networks before making contact with executives.
  • The hackers claim the stolen trove includes 30 trained AI models, 494 GB of cell painting microscopy images, and clinical records tied to roughly 11,500 trial participants.
  • Novo Nordisk confirmed unauthorized access to a limited number of internal IT systems; NVO shares were trading near $44.95 as the data leak escalated.

Hackers who breached Novo Nordisk's network claim to have exfiltrated 30 proprietary AI drug-development models along with 1.3 terabytes of research and clinical data, escalating a pharma cyberattack into a potential competitive-intelligence crisis after the Danish drugmaker refused to pay a $25 million ransom.

Lead

Novo Nordisk (NVO) disclosed on June 11, 2026 that unauthorized actors had accessed internal IT systems, weeks after a cybercrime group calling itself FulcrumSec gained entry through exposed cloud credentials. The group subsequently threatened to auction stolen intellectual property—including what it describes as dozens of trained machine-learning models used in drug discovery—after the Copenhagen-based maker of Ozempic and Wegovy declined to pay a $25 million extortion demand. On June 16, FulcrumSec began publishing sample data online, confirming it was prepared to sell the remainder on private markets.

What Happened

FulcrumSec, a cyber-extortion crew that first surfaced in October 2025, claims initial access in March 2026 through two credential failures: an Azure Container Registry token embedded in a client-side JavaScript bundle and a GitHub personal access token that granted read access to hundreds of private repositories. The group says it then moved laterally using API tokens, database credentials, and service-account passwords found inside those repositories, accumulating data for more than two months before contacting Novo Nordisk executives on June 1.
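A build-time check for the two exposures described above, as an added example that is not part of the original article or of any Novo Nordisk tooling: it scans a compiled client-side bundle for GitHub token prefixes and for high-entropy string literals near an `*.azurecr.io` registry host. The registry check is a heuristic whose window and entropy threshold are assumptions, and the sample bundle and both secrets are constructed.

```javascript
// Added example: scan a built client-side bundle for credentials before publishing.
// GitHub prefixes are the documented ones; the registry check is a heuristic.
const TOKEN_PATTERNS = [
  { kind: "github-classic-pat", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { kind: "github-fine-grained-pat", re: /\bgithub_pat_[A-Za-z0-9_]{40,}/g }, // length floor is conservative
];
const ACR_HOST = /\b[a-z0-9]+\.azurecr\.io\b/gi;              // registry login server
const SECRET_LITERAL = /["'`]([A-Za-z0-9+/=_-]{32,})["'`]/g;  // long quoted string
const WINDOW = 300;      // chars either side of a registry host (assumed; tune per bundle)
const MIN_ENTROPY = 4.0; // bits per char (assumed threshold)

// Shannon entropy in bits per character; random keys score well above identifiers.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Never echo a full secret into CI logs.
const redact = (s) => `${s.slice(0, 6)}...(${s.length} chars)`;

function scanBundle(text) {
  const findings = [];
  for (const { kind, re } of TOKEN_PATTERNS) {
    for (const m of text.matchAll(re)) findings.push({ kind, offset: m.index, sample: redact(m[0]) });
  }
  const seen = new Set(); // overlapping windows must not report a literal twice
  for (const host of text.matchAll(ACR_HOST)) {
    const start = Math.max(0, host.index - WINDOW);
    const slice = text.slice(start, host.index + host[0].length + WINDOW);
    for (const lit of slice.matchAll(SECRET_LITERAL)) {
      const offset = start + lit.index;
      if (seen.has(offset) || /^(ghp_|github_pat_)/.test(lit[1])) continue; // already covered above
      if (entropy(lit[1]) < MIN_ENTROPY) continue;
      seen.add(offset);
      findings.push({ kind: "registry-credential-near-" + host[0].toLowerCase(), offset, sample: redact(lit[1]) });
    }
  }
  return findings;
}

// Constructed minified bundle; both secrets are fabricated for this example.
const SAMPLE_BUNDLE =
  'var cfg={registry:"exampleco.azurecr.io",user:"pull-token",' +
  'pass:"q7Zt1LmX9vB3cR8yKfW2sHd5NjP0aUeG4oTiYxCb6MVA"};' +
  'fetch("/api",{headers:{a:"ghp_' + "aB3dE6gH9jK2mN5pQ8sT1vW4yZ7bC0eF3hJ6" + '"}});';

console.log(scanBundle(SAMPLE_BUNDLE));
```

Run it against the emitted bundle rather than the source tree, since build-time environment substitution is what places a credential in client-side code.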

Novo Nordisk replied via Proton Mail on June 3 but ultimately refused payment. A separate group, TheUSERS007, independently claimed a simultaneous breach and issued a competing $50 million demand. Novo Nordisk has not publicly addressed the second claim.

The disclosed file count exceeds 700,000 items. Alongside the AI assets, FulcrumSec claims to hold pseudonymized clinical trial data for roughly 11,500 participants—including biomarkers, health and immunogenicity indicators, and lifestyle factors—as well as 163,000 employee records, manufacturing facility details, and compound-level data on thousands of experimental and marketed drugs, including the weight-loss candidates Amycretin and CagriSema.

The AI Haul

The most commercially sensitive portion of the alleged Novo Nordisk data leak involves its machine-learning infrastructure. FulcrumSec published an inventory that includes a 16.7-gigabyte multimodal model checkpoint described as handling text, image, and transcriptomic inputs; approximately 407 megabytes of proprietary biological and chemical training datasets; roughly 50 megabytes of source code for an internal tool the group labels NovoPert; complete logs from 113 model-training runs; and high-performance-computing infrastructure maps.

The group also claims 494 gigabytes of cell painting microscopy images—a high-throughput imaging technique that pharmaceutical companies use to detect compound effects on cell morphology and accelerate early-stage drug screening. Reproducing such a dataset requires years of laboratory work and significant capital, giving it standalone commercial value independent of the models themselves.

In a notable disclosure, FulcrumSec acknowledged that "99% of what these models are capable of is over our heads," indicating the group's intention is sale rather than internal exploitation.

Company Response and Market Reaction

Novo Nordisk stated it has maintained "continued operations of our main platforms" and is "in contact with the relevant authorities." The company stressed that exposed clinical data lacks direct patient identifiers, arguing third parties cannot link pseudonymized records to specific individuals without underlying data held separately.

NVO shares were up 1.93% at $44.95 at the time the data-leak story broke, reflecting broader market conditions rather than a direct reaction, though the stock has faced sustained pressure in recent months amid pipeline uncertainty. The pharma cyberattack adds a layer of reputational and regulatory risk that analysts expect will draw scrutiny from European data-protection authorities given the clinical trial data involved.

Strategic and Competitive Risk

The alleged theft of trained AI models represents a qualitatively different threat than conventional data breaches. Drug-discovery AI systems are built on proprietary datasets accumulated over years; stealing a trained checkpoint compresses that investment into an instantly transferable file. Cybersecurity practitioners have noted that if models are verified, a well-resourced competitor—state or commercial—could repurpose the underlying logic for their own research programs without replicating the data-collection pipeline.

The threat extends to clinical data integrity. Security professionals have raised the concern that unauthorized access capable of exfiltrating records is also capable of modifying them, a vulnerability with direct implications for regulatory submissions and post-market safety monitoring.

Outlook

The Novo Nordisk incident illustrates a structural exposure in pharmaceutical R&D: as companies embed AI deeper into drug discovery and store model weights alongside conventional data, the intellectual-property surface area available to attackers expands significantly. FulcrumSec's willingness to leak samples publicly, rather than hold data in reserve, signals a shift toward reputational pressure as the primary extortion lever. Novo Nordisk faces an extended period of regulatory inquiry, potential litigation over the clinical data, and the commercial uncertainty of not knowing whether its AI assets have been acquired by third parties. The broader pharma cyberattack trend suggests sector-wide scrutiny of credential hygiene and the secure handling of machine-learning artifacts is overdue.
