A cyber extortion group identified as FulcrumSec has claimed responsibility for a data breach at Danish pharmaceutical company Novo Nordisk, alleging that it stole over one terabyte of data during a prolonged infiltration. The group says it accessed the company’s networks for more than two months before being detected.

FulcrumSec, which surfaced in October 2025 as a new threat actor in the cybercriminal landscape, posted a detailed statement on its website on Tuesday outlining its actions. According to the group, its initial demand for $25 million from Novo Nordisk was refused. Following the rejection, FulcrumSec said it is considering selling portions of the stolen data privately.

The data reportedly includes information related to several pharmaceutical products, internal company documents, and operational details. However, the group stated it will not release or sell certain sensitive information, such as records pertaining to thousands of employees and physicians, as well as data on approximately 11,500 pseudonymized clinical trial participants. Additionally, FulcrumSec asserted it would withhold information tied to operational technology and software systems used in production facilities, citing a “harm-reduction strategy” intended to limit potential damage.

Novo Nordisk disclosed on June 11 that it had experienced unauthorized access to parts of its internal IT infrastructure, which involved exposure of some personal data. The company has not publicly confirmed the extent of the data breach or responded directly to FulcrumSec’s claims.

Attempts to independently verify the authenticity of the data purportedly stolen by FulcrumSec have so far been unsuccessful. The group itself did not respond to a request for comment when approached for further clarification.

The incident highlights ongoing cybersecurity risks faced by major pharmaceutical companies, whose operational and research data are increasingly targeted by extortion groups seeking financial gain through ransomware or data theft.