The hack-and-leak group FulcrumSec has claimed responsibility for hacking the Danish pharmaceutical giant Novo Nordisk.
The incident was disclosed late last week, when the company warned patients that hackers had accessed its internal IT systems and exfiltrated certain data associated with clinical trials.
According to the pharma giant, the stolen information was pseudonymized and could not be directly linked to patients by name or identifiers.
“Knowledge of patient identity would require access to further information, which was not part of the incident,” the company said.
While no known cybercrime group has publicly claimed responsibility for the attack, FulcrumSec contacted DataBreaches to boast about hacking Novo Nordisk.
The group claims to have hacked the company in March through a GitHub access token that allowed it to clone Novo Nordisk repositories and find additional credentials.
FulcrumSec said it stole roughly 1.3 terabytes of data from the pharma giant and provided a list of over 700,000 files as proof.
It also provided detailed information on the type of data allegedly stolen from the company, which appears to include intellectual property such as undisclosed drug programs, proprietary compound structures, the Dicerna RNAi pipeline, private AI models, and other data.
FulcrumSec also shared some of its correspondence with Novo Nordisk, which included stolen credentials as proof of possession.
The hacking group demanded a $25 million ransom, but the extortion attempt failed, and the hacking group is now threatening to leak the stolen data.
At the time of publication, however, Novo Nordisk has not been listed on FulcrumSec’s Tor-based leak site.
Related: French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker
Related: ShinyHunters Claims Council of Europe Hack
Related: University of Nottingham Confirms Breach After Hackers Leak Data
Related: Hackers Leak DentaQuest Information Impacting 2.6 Million
