Stolen Ozempic Research Data, Sold Online After Breach Escalation

Novo Nordisk Hackers Move to Sell Stolen Ozempic Data After Failed $25M Ransom Demand

• Novo Nordisk Hackers Threaten to Sell Ozempic Data After $25M Ransom Refusal
• Massive Pharma Cyberattack Escalates as Stolen Data Hits Underground Market
• Ozempic Maker Novo Nordisk Faces Data Sale Threat After Major Hack
• Hackers Claim 1.3TB Data Theft From Novo Nordisk in Escalating Cyber Extortion Case
• Pharma Giant Novo Nordisk Battles Fallout After Failed Ransom Negotiations

Novo Nordisk, the pharmaceutical giant behind blockbuster drugs like Ozempic and Wegovy, is facing an escalating cybersecurity crisis after hackers claimed they are now preparing to sell stolen company data following a failed $25 million ransom attempt.

The cybercriminal group, known as FulcrumSec, alleges it breached Novo Nordisk’s internal systems and exfiltrated more than 1.3 terabytes of sensitive information over a prolonged intrusion. After the company reportedly refused to meet the ransom demand, the group says it is now exploring private sales of the stolen data on underground channels.

The development marks a sharp escalation in one of the most serious recent cyber incidents targeting the global pharmaceutical industry.

Massive Data Theft Claims Raise Alarm

According to claims made by the hackers, the stolen data includes a wide range of highly sensitive material such as clinical trial research, proprietary drug development information, internal source code, employee records, and data related to healthcare providers and patients.

Novo Nordisk has confirmed it recently detected a cybersecurity incident involving unauthorized access to internal systems and the copying of limited personal data. However, the company has not verified the full scale of the breach as claimed by the attackers and says investigations are still ongoing.

Security experts warn that if the hackers’ claims are accurate, the leaked data could pose serious risks not only to the company but also to individuals and research partners connected to its clinical programs.

Ransom Refusal Triggers Escalation

FulcrumSec claims it initially attempted to negotiate with Novo Nordisk, offering to withhold parts of the stolen material in exchange for payment. After the company reportedly declined, the group shifted tactics, threatening to monetize the data through private sales rather than immediate public release.

Cybersecurity analysts say this “data marketplace” strategy is increasingly being used by extortion groups as pressure tactics, allowing them to profit even without directly publishing stolen files.

Patient and Clinical Data at Risk

Novo Nordisk has stated that the incident involved unauthorized access to systems containing personal data linked to clinical trials. While the company has previously indicated that sensitive information such as direct identifiers may not have been exposed, investigators are still assessing the full scope of what was accessed.

The pharmaceutical firm has launched a formal investigation, engaged external cybersecurity experts, and notified relevant authorities. It has also begun taking steps to isolate affected systems and strengthen its internal security infrastructure.

Growing Threat to Pharma and Health Data

The incident underscores the increasing targeting of pharmaceutical companies by cybercriminal groups, particularly those involved in high-value drug development areas such as diabetes and weight-loss treatments.

Experts warn that data tied to clinical trials and drug development is especially valuable on illicit markets due to its commercial, scientific, and competitive sensitivity.

What Happens Next

As investigations continue, Novo Nordisk faces mounting pressure to clarify the extent of the breach and the potential exposure of sensitive data. Meanwhile, the threat of private data sales raises concerns that even if stolen information is not publicly leaked, it may still circulate within criminal networks.

For now, the case highlights a growing trend in cyber extortion: when ransom demands fail, stolen data doesn’t disappear—it gets traded.