The extortion group behind this week's claimed breach of Novo Nordisk has moved from threats to action, publishing what it says are sample files from a trove of stolen pharmaceutical and patient data after the Danish drugmaker declined to pay a $25 million ransom.

According to reports, FulcrumSec, a cyber extortion group that first surfaced in October 2025, says it spent more than two months inside Novo Nordisk's network before making contact with company executives. According to the group's own account and subsequent reporting, the haul spans more than 700,000 files and roughly 1.3 terabytes of material, among them source code, data on approved and pipeline drugs, clinical trial records, and personal information tied to employees, physicians and patients.

em360tech image

A trove that includes the company's AI work

What sets this leak apart from a standard credential-and-database dump is the inclusion of Novo Nordisk's internal machine learning infrastructure. FulcrumSec says the stolen material includes roughly 30 trained AI models, 70 datasets, and close to 494 gigabytes of proprietary cell-imaging data used in drug research. The group has admitted it doesn't fully understand the capabilities of what it took, but its inclusion in the leak underscores how deeply AI tooling is now embedded in pharmaceutical R&D, and how exposed that work can be in a breach.

From ransom demand to private sale

The group says it first reached out to Novo Nordisk executives directly, and that the company responded roughly 48 hours later through an anonymous Proton Mail address, verifying its identity by requesting specific files only Novo Nordisk would recognise. Talks reportedly continued before the company refused to meet FulcrumSec's $25 million demand. In its public message, the group said it was now "exploring private sales" of portions of the data tied to specific drugs and internal operations.

Not everything is on the table, however. FulcrumSec says it is withholding data on thousands of employees and physicians, information on roughly 11,500 pseudonymised clinical trial patients, and the operational technology used to run sensors and machinery at Novo Nordisk's production facilities, framing the decision as an attempt to limit downstream harm.

Novo Nordisk's response

According to Reuters, a Novo Nordisk spokesperson said the company is aware of claims that data was copied without authorisation and has since been published online, adding that it "takes this matter seriously" and is in contact with relevant authorities while keeping its main platforms running. The company began notifying patients and healthcare providers of a cybersecurity incident on June 11, describing it at the time as unauthorised access to a limited number of internal IT systems. Reuters has said it could not independently verify the authenticity of the data FulcrumSec posted.

Questions Surround the Novo Nordisk Breach

The timeline adds to an already tangled picture. DataBreaches.net reported on June 15 that FulcrumSec told the blog a day earlier it had gained network access back in March, sharing a purported file list to support the claim. Separately, malware research site VX-Underground reported on an unnamed hacker's compromise of Novo Nordisk just a day before FulcrumSec's own claims went public; FulcrumSec maintains the two reports describe different intrusions.

Researchers who track extortion groups say FulcrumSec's claims are worth taking seriously, pointing to a track record that has generally matched its stated capabilities in prior cases. Security analysts have also flagged a less obvious risk beyond exposure. Once trial data has been copied by an outside party, organisations can no longer be fully confident in its integrity, since there's no way to rule out tampering before any of it resurfaces publicly or in a private sale.

For now, Novo Nordisk's main concern is containment. For everyone else watching, the case is becoming a pointed example of how much of a modern pharmaceutical company's crown jewels, not just patient records, but proprietary AI models and the data used to train them, now sit inside the same networks attackers are targeting.