Confidence MediumJun 17, 2026novonordisk.com

Novo Nordisk Cyber Extortion and Data Breach

PatternExternal actor · Hacking · Confidentiality impact

Pharmaceutical giant Novo Nordisk experienced a cyber extortion and data breach. The threat actor group FulcrumSec claimed responsibility on June 16, 2026, and Novo Nordisk acknowledged the online data publication claims on June 17, 2026. The attackers stole pseudonymized clinical trial and biomarker datasets, unmaskable identity data for healthcare providers, source code, AI models, proprietary information on marketed and experimental drugs, clinical trial data, and employee data.

Signal date

Jun 17, 2026

Updated

Jun 24, 2026

Confidence

Medium

Sources

1 source

Novonordisk

Domain: novonordisk.com
Signals: 1 linked

Scan this company

Signal context

First seen: Jun 17, 2026

Last updated: Jun 24, 2026

Status: Public signal

Key points

Threat actor group FulcrumSec claimed responsibility for the breach on June 16, 2026.
Novo Nordisk confirmed awareness of online data publication claims on June 17, 2026.
Stolen data includes pseudonymized clinical trial and biomarker datasets, unmaskable identity data for healthcare providers, source code, AI models, proprietary drug information, clinical trial data, and employee data.

Signal analysis

Beta

It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

Novonordisk

Likely country: Location not provided

Threat source

Hacking activity

The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.

Source type: outside the affected organization
Source type: possible insider or internal misuse

Business impact

Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context

51 signals with similar action pattern

1 signal in the same sector
66 signals with the same likely impact area
1 signal linked to this organization/domain

Mentioned entities

NovonordiskData DisclosureNovo NordiskFulcrumSecThreatStolen

External sources

Deep dive into the Novo Nordisk cyber extortion and data breach - Shieldworkzhttps://shieldworkz.com/blogs/deep-dive-into-the-novo-nordisk-cyber-extortion-and-data-breachPublic source from shieldworkz.com.

Related signals

Grouped by why the signal is relevant.

LastpassJun 23, 2026

Same action patternSame impact area

LastPass confirms data breach in Klue supply chain attack

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in a supply chain attack targeting Klue, a third-party market intelligence platform. The unauthorized actor obtained OAuth tokens from Klue, which were then used to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass stated that its core products, services, and infrastructure, including customer vaults, were not affected by this incident. The Icarus extortion group claimed responsibility for the Klue attack.

SnykJun 22, 2026

Same action patternSame impact area

Snyk impacted by Klue supply chain attack

Snyk, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Snyk's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Snyk stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

OnetrustJun 22, 2026

Same action patternSame impact area

OneTrust impacted by Klue supply chain attack

OneTrust, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from OneTrust's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. OneTrust stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

JamfJun 22, 2026

Same action patternSame impact area

Jamf impacted by Klue supply chain attack

Jamf, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Jamf's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Jamf stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.

HuntressJun 22, 2026

Same action patternSame impact area

Huntress impacted by Klue supply chain attack

Huntress, a cybersecurity firm, was affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from Huntress's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. Huntress suggested that a threat actor named Icarus might have been responsible for the attack.

HackeroneJun 22, 2026

Same action patternSame impact area

HackerOne impacted by Klue supply chain attack

HackerOne, a cybersecurity firm, was among several organizations affected by a supply chain attack on market intelligence platform Klue. The attack compromised Klue's integration with Salesforce, leading to the exfiltration of business information from HackerOne's Salesforce CRM, including sales account data and business contact information such as names, email addresses, job titles, and phone numbers. HackerOne stated the intrusion was limited to its Salesforce instance and did not involve its internal systems.