What You Need to Know about the Novo Nordisk Data Breach
- Published: Jun 25, 2026
- Last Updated: Jun 25, 2026
Novo Nordisk is a leading global healthcare company headquartered in Denmark with production facilities in two other countries. Founded in 1923, the company provides access to diabetes and obesity care products alongside treatments for rare blood and endocrine diseases in about 170 countries.
The pharmaceutical company recently suffered an IT security incident involving unauthorized access to some of its internal IT systems. This incident allegedly exposed over a terabyte of non-public data, including some personal data of patients who participated in the company’s clinical trials. More than 700,000 files were reportedly taken by the hackers. After discovering the breach, Novo Nordisk launched an investigation with external cybersecurity experts and notified relevant authorities.
The categories of personal data exposed for affected patients include sex, patient ID, information on trial participation, lifestyle factors (alcohol use, smoking, and BMI), year of birth, health/immunogenicity data, and biomarkers. Novo Nordisk said the compromised data was not directly linked to patients by name or other direct identifiers. Some healthcare providers were also affected by the incident, and the stolen data may include the company name, contact email address, registration number, phone number, WhatsApp details, and office location.
A hacking group, FulcrumSec, has reportedly claimed responsibility for this breach and demanded a $25 million ransom to prevent the sale or publication of the stolen data. The group added Novo Nordisk to its dark web data leak site shortly after the pharmaceutical company disclosed the cyberattack. FulcrumSec claims to have gained initial access through secrets left in client-side JavaScript on two completely unrelated subdomains of the company.
FulcrumSec claims the stolen data includes clinical trial records, drug research and development data, physician data, employee information, patient data, source code, internal AI-related information, and operational information. Novo Nordisk has yet to confirm these allegations. Another hacking group, TheUSERS007, also claims to have accessed Novo Nordisk’s system during the same period as FulcrumSec, in a separate hacking incident.
When Was the Novo Nordisk Data Breach?
The pharmaceutical company disclosed it identified an IT incident involving unauthorized access to a limited number of its internal systems on June 11, 2026. However, FulcrumSec reportedly claimed to have spent more than two months inside Novo Nordisk’s networks extracting information. The company said the incident affected only a limited amount of data, but the cyber extortion group claimed to have collected more and demanded a ransom.
The extortion attempt failed because Novo Nordisk refused to pay a ransom, and the hacking group is threatening to leak the stolen data as a result of non-payment. According to reports, some data has been leaked, but about 1.05 terabytes of data are still being withheld. TheUSERS007, the other group claiming responsibility for the breach, also demanded a $50 million ransom, which Novo Nordisk didn’t pay.
In an update released by the company, Novo Nordisk confirmed it has taken some security measures to address the situation. These include temporarily taking certain internal IT systems offline to protect the company’s environment. The company said its core business operations are not impacted.
How to Check If Your Data Was Breached
Novo Nordisk has yet to confirm whether all patients who use its medications were affected by the breach. However, the company is publishing updates for potentially impacted parties through notifications with details regarding the incident on a dedicated webpage. Keep checking this incident page, as it's the most reliable way to determine whether your data was impacted.
If you believe your personal information may have been involved in the data breach, look for an official notification, which could be a letter, an email, or messages from your healthcare provider or clinical trial coordinator. Alternatively, you may contact Novo Nordisk directly by email.
Furthermore, watch for any signs of phishing or identity theft. If you participated in a Novo Nordisk clinical trial and have been receiving suspicious text messages or phone calls since the company announced the breach, your information may have been exposed by the incident.
Monitor your inbox for emails claiming to be from Novo Nordisk, especially if they ask you to verify medical or personal information. Such messages may be a sign that your data was exposed. Any unauthorized activity on your healthcare or financial accounts may also indicate that your data has been breached.
What to Do If Your Data Was Breached
While Novo Nordisk believes the recent data breach poses no immediate risk to affected clinical trial participants, it is essential to remain vigilant and act quickly to reduce the risk of fraud, phishing attacks, and identity theft. If the company contacts you, review the notification letter to determine what data is involved, whether you need to take a specific action, and any resources or support the pharmaceutical giant is offering.
Keep an eye on your healthcare records and insurance statements, and contact your healthcare provider if you notice any unusual or unfamiliar activity. Even though financial information was not reported as exposed, regularly review your bank accounts and credit card statements and report any unauthorized transactions to your bank or credit card provider immediately.
Cybercriminals often leverage data breaches to launch convincing phishing attacks. Be careful if you receive text messages with suspicious links or emails claiming to be from Novo Nordisk. Furthermore, watch out for phone calls requesting personal information and communication asking you to confirm medical information.
The company’s investigation is ongoing. Visit the official incident page periodically for updates as additional information about the breach is uncovered. If you have any questions, contact Novo Nordisk through its official privacy channels.
Are There Any Lawsuits Because of the Data Breach?
No publicly confirmed class-action lawsuits or court cases have been filed in connection with the recent Novo Nordisk data breach. However, the legal situation could change as more facts emerge.
Can My Novo Nordisk Information Be Used for Identity Theft?
The available information about the recent Novo Nordisk data breach suggests that most clinical trial participants face a relatively low risk of identity theft. The company revealed the exposed patient data was pseudonymized, meaning the records contained random patient ID codes instead of names or any other identifiers.
Therefore, the information needed to connect patients’ ID codes directly to their identities was reportedly not included in the compromised trial data. However, remain alert if the incident exposed your information, because cybercriminals can still leverage publicly available data or other breached information to make phishing schemes more convincing.
The risk of identity theft is higher for affected healthcare professionals/providers, who had more directly identifying information exposed. Even though the information stolen varies by provider, affected professionals are potentially at risk of social engineering or phishing attacks.
What Can You Do to Protect Yourself Online?
Whether your data was involved in the recent Novo Nordisk data incident or not, adopting healthy cybersecurity practices can reduce the risk of fraud and identity theft. These are tips to help you protect your personal information online:
- Be cautious of emails and text messages containing suspicious links or attachments pretending to represent trusted organizations. If you receive such communication, delete it and contact the organization through its official communication channels.
- Avoid sharing personal or sensitive information, such as passwords, Social Security number (SSN), or one-time verification codes, with anyone or over any medium you don’t trust. If you must share certain details online, only provide them through secure websites or directly to verified entities.
- Review your credit card activity and bank statements periodically for unfamiliar changes or transactions and report any suspicious activity early to the relevant authorities to minimize potential damage.
- Create strong passwords for your online accounts and use a different password for each one. Make sure to use a mix of lowercase and uppercase letters, special characters, and numbers. A strong password will contain at least 12 characters.
- Avoid accessing sensitive accounts over public Wi-Fi. Use a trusted virtual private network if you must.
- Keep your phone, computer, web browser, and antivirus software updated because software updates come with patches designed to fix newly discovered security vulnerabilities.
- Enable multi-factor authentication (MFA) to add an extra level of security on apps and your internet devices. If someone has your password, MFA requires a second verification step, such as a code generated by an authenticator app or sent to your phone, which prevents unauthorized access.
- Review your credit reports regularly for activities or accounts you do not recognize. If you suspect any unusual activity, consider placing a security freeze on your credit file. Alternatively, sign up for a credit monitoring service for real-time credit monitoring alerts.