Jun 21, 2026 · 6 min read
FulcrumSec Stole Novo Nordisk's Drug Pipeline Data
Novo Nordisk refused a $25 million ransom after FulcrumSec spent months inside its network and walked out with 1.3TB of source code, unreleased drug data, and clinical trial records. That data is now heading toward a private sale.
Novo Nordisk said no. It said no to $25 million from FulcrumSec. It said no to $50 million from a second group calling itself TheUSERS007. Now 1.3 terabytes of the company's most sensitive intellectual property — drug pipeline data, source code, AI models, and records tied to 11,500 clinical trial participants — may be sold privately to whoever can afford it. The pharmaceutical giant confirmed the breach on June 11, 2026. FulcrumSec claimed the haul publicly on June 16.
Key Takeaways
- FulcrumSec claims to have stolen 1.3TB of data from Novo Nordisk, including source code, proprietary drug compound data, 30 trained AI models, and records from 11,500 pseudonymized clinical trial participants.
- Initial access came from a GitHub personal access token embedded in client-side JavaScript on an obscure Novo Nordisk subdomain — the token gave FulcrumSec read access to hundreds of private repositories.
- Two separate extortion groups targeted Novo Nordisk simultaneously: FulcrumSec demanded $25 million, TheUSERS007 demanded $50 million — both were refused.
- Pseudonymized clinical trial data is still personal data under GDPR Article 4(5) and qualifies as special category health data under Article 9, meaning Novo Nordisk faces significant regulatory exposure.
- After the ransom refusals, FulcrumSec announced it is exploring private sales of the stolen intellectual property — a direct threat to Novo Nordisk's competitive position in GLP-1 drugs.
What Did FulcrumSec Steal From Novo Nordisk?
FulcrumSec claims the stolen cache totals 1.3 terabytes and spans nearly every layer of Novo Nordisk's research and development operation. According to the group's own disclosures, reported by Cybernews, the haul includes:
- 4,750 source code repositories
- 41,000+ proprietary drug compounds
- 30 trained AI models used in drug development
- 73 datasets including 494GB of microscopy images
- Details on five undisclosed drug programs, including pipeline data related to GLP-1 medications
- Manufacturing recipes for at least one major drug
- 163,000+ employee records
- Records tied to approximately 11,500 pseudonymized clinical trial participants
The breadth of that list is unusual even by the standards of major corporate breaches. FulcrumSec is not primarily a ransomware gang — it is a data broker operation. The group, active since at least September 2025, specializes in rapid bulk exfiltration from cloud-hosted environments and has little incentive to destroy data it can sell.
How Did Attackers Get In?
FulcrumSec gained initial access through secrets left in client-side JavaScript on two Novo Nordisk subdomains. Specifically, the group found an Azure container registry credential and a GitHub personal access token embedded directly in front-end code. Anything shipped to a browser is public by definition, so a single failure in secrets handling exposed cloud infrastructure and hundreds of private code repositories at once.
That GitHub token was the pivot point. Once FulcrumSec cloned Novo Nordisk's private repositories, they found API tokens, database credentials, and service account passwords committed to the codebase. Those secondary credentials enabled lateral movement to additional systems. According to Dark Reading's analysis, the group spent more than two months inside Novo Nordisk's environment before detection — with Novo Nordisk's own security team taking roughly two weeks to discover the intrusion in GitHub accounts and three weeks to find the parallel Azure foothold.
This pattern — secrets in code, then credential harvesting from repositories, then lateral movement — is the same chain seen in the Laravel Lang supply chain attack that shipped AWS keys and GitHub tokens to an external server. The attack vector is not exotic. It is a hardcoded secret on a forgotten subdomain.
Why Did Two Groups Target Novo Nordisk Simultaneously?
Two separate extortion groups claimed breaches of Novo Nordisk within days of each other. FulcrumSec demanded $25 million. TheUSERS007 demanded $50 million and claimed to use what it describes as "venomware" technology for intellectual property extraction. FulcrumSec acknowledged on its leak site that TheUSERS007's claim may be legitimate.
Simultaneous extortion by two independent actors is rare but not unprecedented when a high-value target has multiple exposed surfaces. Novo Nordisk's GLP-1 drug portfolio (Ozempic, Wegovy, and successor compounds) represents tens of billions in annual revenue and is among the most competitively valuable pharmaceutical IP in existence. That commercial value makes it an attractive target for multiple threat actors operating independently. The more significant risk is not the ransom demands themselves but what happens after refusal: FulcrumSec has signaled it is exploring private sales to pharma competitors or brokers, which means the threat shifts from extortion to competitive intelligence theft.
For context, Novo Nordisk's 2025 annual revenue exceeded $40 billion, driven almost entirely by GLP-1 products. A $25 million ransom represented roughly 0.06% of annual revenue, trivial against the balance sheet, although paying would have bought nothing more than a criminal's promise to delete data it had already copied. The refusal was almost certainly a policy decision rather than a cost-benefit one.
What Happens to Clinical Trial Patients?
The 11,500 exposed clinical trial records were pseudonymized — meaning patient names were replaced with random alphanumeric identifiers. Novo Nordisk assessed the risk to patients as limited on that basis. That assessment deserves scrutiny.
Under GDPR Article 4(5), pseudonymized data is still personal data. The regulation defines pseudonymization as processing such that the data "can no longer be attributed to a specific data subject without the use of additional information", and Recital 26 makes explicit that pseudonymized data which could be attributed to a natural person by the use of additional information is information on an identifiable natural person. Regulators have consistently treated it as subject to the full protections of the regulation. The stolen records include patient sex, birth year, biomarkers, health and immunogenicity data, and lifestyle factors including BMI, smoking status, and alcohol use. A determined actor who also obtained Novo Nordisk's trial mapping keys, which may themselves have been in one of the 4,750 stolen repositories, could re-identify individual participants.
More critically, clinical trial health data falls under GDPR Article 9's special category protections, which apply heightened obligations and, when breached, carry the regulation's maximum fines: up to €20 million or 4% of global annual turnover, whichever is higher. On revenue above $40 billion, that ceiling is well over a billion euros. The European Medicines Agency also imposes its own data integrity and traceability requirements on clinical trial records, adding a second regulatory track to any enforcement action. The California AG's case against 23andMe over 7 million genetic profiles provides a parallel template for how regulators treat sensitive health data breaches when companies argue limited re-identification risk.
FulcrumSec has stated it will not release employee, physician, or patient data — a claim the group frames as a goodwill gesture. That statement carries no legal weight and no enforcement mechanism. A group that has already demonstrated willingness to exfiltrate and sell health data at scale has no credible commitment device for self-restraint.
What This Breach Reveals About Software Development Security
The Novo Nordisk breach is not primarily a story about sophisticated attackers. It is a story about a hardcoded secret on a subdomain that no one was watching. The initial access required no zero-day exploit, no social engineering call, no physical intrusion: just a JavaScript file on an obscure web property that happened to contain a GitHub personal access token with broad repository permissions.
That token's scope was the real failure. A personal access token with read access to hundreds of private repositories is a single point of failure for an entire codebase. When those repositories contain additional credentials — which they almost always do at organizations that haven't enforced secrets scanning — the blast radius extends to every connected system. FulcrumSec's two-month dwell time suggests the token had not been rotated in a significant period, and that no anomaly detection flagged the volume of repository cloning activity.
The defensive posture this demands is not novel but remains widely unimplemented: secrets scanning on every repository before commit, automated rotation of long-lived tokens, and scope minimization on any credential that touches more than a single system. GitHub's push protection, enabled by default on public repositories and part of GitHub Advanced Security for private ones, blocks known secret formats from being committed in the first place. Organizations that have not enabled it are running the same exposure that cost Novo Nordisk months of attacker access and 1.3 terabytes of intellectual property.
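The chain described in this section and in "How Did Attackers Get In?" above, hardcoded secrets in a deployed JavaScript bundle and again inside the repositories that bundle unlocked, is exactly what a secrets scanner looks for, whether it runs over a site's front-end assets or over files before they are committed. The Python below is an added example written for this article, not Novo Nordisk's code or any tool the article mentions. It flags GitHub personal access tokens by their published prefixes (ghp_ for classic tokens, github_pat_ for fine-grained ones) and falls back to an entropy heuristic for suspiciously named assignments, labelling any that sit near an *.azurecr.io login server as likely Azure Container Registry credentials. The bundle it scans is constructed, and the registry-credential format is an assumption, since the article does not describe it.

```python
import math
import re
from collections import Counter

# Exact-format rules for GitHub personal access tokens. The prefixes are published
# by GitHub: classic PATs are ghp_ plus 36 body characters, fine-grained PATs are
# github_pat_ plus a 22-character and a 59-character group.
TOKEN_PATTERNS = {
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "github_pat_fine_grained": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
}

# Heuristic rule: a variable or object key whose name suggests a credential, assigned
# a string literal of at least 16 characters. Works on JS, JSON and most config files.
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[A-Za-z0-9_.\-]*(?:password|passwd|secret|token|api[_-]?key)[A-Za-z0-9_]*)"
    r"""\s*[:=]\s*["'](?P<value>[^"']{16,})["']""")

# Azure Container Registry login servers are <name>.azurecr.io. The article does not
# describe the leaked credential's format, so (assumption) the host is only used as
# context to label a nearby high-entropy secret.
ACR_HOST = re.compile(r"\b[a-z0-9]+\.azurecr\.io\b", re.IGNORECASE)


def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score well above 4, words and placeholders near 3 or below."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Never write the full secret into a report or a SIEM; keep just enough to correlate."""
    return value[:6] + "..." + value[-4:] if len(value) > 14 else "..."


def scan(text: str, entropy_threshold: float = 3.5) -> list[dict]:
    """Return findings for one file. Each finding carries kind, 1-based line and a redacted value."""
    findings = []
    lines = text.splitlines()
    for lineno, line in enumerate(lines, start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({"kind": kind, "line": lineno, "value": redact(match.group(0))})
        for match in ASSIGNMENT.finditer(line):
            value = match.group("value")
            if any(p.search(value) for p in TOKEN_PATTERNS.values()):
                continue  # already reported by an exact-format rule above
            if shannon_entropy(value) < entropy_threshold:
                continue  # low entropy: a placeholder or a human-readable setting, not a key
            # Look three lines either side for a registry host to enrich the finding.
            context = "\n".join(lines[max(0, lineno - 4):lineno + 3])
            kind = "acr_credential_candidate" if ACR_HOST.search(context) else "high_entropy_secret"
            findings.append({"kind": kind, "line": lineno,
                             "name": match.group("name"), "value": redact(value)})
    return findings


# Constructed sample: a CI step baked deployment configuration into a front-end bundle.
SAMPLE_BUNDLE = """\
var cfg={apiBase:"https://api.example.invalid/v1",theme:"dark"};
// build-time configuration the CI job should never have inlined
const GITHUB_TOKEN="ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij";
const registry={server:"exampleregistry.azurecr.io",username:"exampleregistry",
  password:"Qz8pL2vN7xT4wR1mK9sB3dF6hJ0yU5cE2gA8iO4n"};
const PLACEHOLDER_TOKEN="changeme-changeme-changeme";
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_BUNDLE):
        print(finding)
```

Run it over fetched bundles from every subdomain in your asset inventory, and over `git diff --cached` output as a pre-commit hook. Prefer exact-format rules wherever a provider publishes a token prefix; the entropy threshold is a trade between false positives and coverage for credentials with no recognizable shape.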
What Security and Compliance Teams Should Do Now
For security professionals, the Novo Nordisk incident is a reminder that the most damaging breaches often start at the periphery — a forgotten subdomain, an unrotated token, a repository that was assumed private. The attacker's two-month dwell time before detection points to gaps in behavioral monitoring for developer tool activity, not just endpoint or network telemetry. SOC teams that are not ingesting GitHub audit logs, Azure container registry access events, and repository clone volumes into their SIEM are missing a material portion of their attack surface.
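One concrete detection the paragraph above calls for is a volume check on repository clones per actor and per token, run over GitHub audit log events. The Python below is an added example, not code from the article or from Novo Nordisk, and its sample log is constructed; the field names (@timestamp, action, actor, repo, hashed_token) follow the shape of GitHub's exported audit log, but treat the exact schema as an assumption to verify against your own export. It parses JSON lines, keeps a sliding one-hour window per (actor, token) pair and alerts when the number of distinct repositories cloned exceeds a threshold, which is what bulk exfiltration through a single stolen token looks like next to a developer's normal day.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timezone


def parse_audit_log(text: str) -> list[dict]:
    """Parse a JSON-lines audit log export, skipping blank or malformed lines instead of crashing."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            events.append(json.loads(raw))
        except json.JSONDecodeError:
            continue
    return events


def _iso(ts_seconds: float) -> str:
    return datetime.fromtimestamp(ts_seconds, tz=timezone.utc).isoformat()


def detect_bulk_clones(events, window_seconds=3600, max_distinct_repos=20):
    """Alert on any (actor, token) that clones more than max_distinct_repos distinct
    repositories inside a sliding window. Interactive sessions and each token are
    tracked separately, so a stolen PAT stands out even while its owner works normally."""
    windows = defaultdict(deque)      # (actor, token) -> deque of (timestamp, repo)
    alerts = {}
    for e in sorted(events, key=lambda e: e["@timestamp"]):
        if e.get("action") != "git.clone":
            continue
        key = (e["actor"], e.get("hashed_token") or "interactive")
        ts = e["@timestamp"] / 1000.0  # audit log timestamps are epoch milliseconds
        q = windows[key]
        q.append((ts, e["repo"]))
        while ts - q[0][0] > window_seconds:
            q.popleft()                # drop clones that fell out of the window
        distinct = {repo for _, repo in q}
        if len(distinct) > max_distinct_repos:
            alert = alerts.setdefault(key, {
                "actor": key[0], "hashed_token": key[1],
                "window_start": _iso(q[0][0]), "distinct_repos": 0})
            alert["distinct_repos"] = max(alert["distinct_repos"], len(distinct))
            alert["last_clone"] = _iso(ts)
    return list(alerts.values())


# Constructed sample log. BASE_MS is an arbitrary epoch-millisecond origin.
BASE_MS = 1_780_000_000_000


def _event(actor, repo, ts_ms, action="git.clone", hashed_token=None):
    ev = {"@timestamp": ts_ms, "action": action, "actor": actor, "repo": repo}
    if hashed_token:
        ev["hashed_token"] = hashed_token
    return ev


_sample_events = (
    # a developer working normally: a few clones and a fetch spread over a day
    [_event("jdoe", "example-org/app-web", BASE_MS),
     _event("jdoe", "example-org/app-api", BASE_MS + 2 * 3_600_000),
     _event("jdoe", "example-org/infra", BASE_MS + 5 * 3_600_000),
     _event("jdoe", "example-org/app-web", BASE_MS + 6 * 3_600_000, action="git.fetch")]
    # a build account's leaked token pulling 30 repositories in ten minutes
    + [_event("svc-build", f"example-org/repo-{i:02d}", BASE_MS + 3_600_000 + i * 20_000,
              hashed_token="sha256:constructed-token-hash") for i in range(30)]
)
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _sample_events)

if __name__ == "__main__":
    for alert in detect_bulk_clones(parse_audit_log(SAMPLE_LOG)):
        print(alert)
```

Tune the threshold from a baseline of your own developers' clone counts, and key the alert on the token hash rather than the actor alone: the actor in the Novo Nordisk case was presumably a legitimate account whose token had been lifted from a web bundle.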
For compliance officers, the exposure of pseudonymized clinical trial data triggers a parallel track of obligations. The GDPR notification clock under Article 33 (72 hours to the supervisory authority) starts at awareness of the breach, not at confirmation of its scope. The Danish Data Protection Agency (Datatilsynet), as the lead supervisory authority for a Danish-headquartered company, will have jurisdiction over the GDPR response. The EMA's Good Clinical Practice requirements add a separate audit trail obligation for trial data integrity. Organizations in the pharmaceutical sector that have not mapped clinical trial data to their breach response playbooks should treat this incident as a forcing function to do so.