Cybercriminals are claiming to have breached pharmaceutical giant Novo Nordisk and stolen a large dataset that they are now attempting to sell on underground forums.
The threat actors allege that the stolen information includes corporate records, employee data, and internal documents linked to the company behind blockbuster diabetes and weight-loss drugs, including Ozempic and Wegovy.
According to the claims posted on cybercrime marketplaces, the dataset contains sensitive business information and personal records. The attackers have advertised the data for sale rather than using a traditional ransomware-style extortion approach, signaling a growing trend in which threat actors seek direct profits from stolen information.
At the center of the alleged incident is a database reportedly linked to Novo Nordisk operations. The hackers claim the data includes employee information, corporate documents, and other internal records. However, the full contents of the dataset have not been independently verified.
Novo Nordisk has not publicly confirmed a breach, and there is currently no evidence that manufacturing operations, patient systems, or pharmaceutical research platforms were disrupted. The company is reportedly investigating the claims.
The incident comes as pharmaceutical companies continue to face increased targeting from cybercriminal groups. Drug manufacturers hold large volumes of valuable intellectual property, employee records, clinical research data, and financial information, making them attractive targets for both extortion groups and data brokers operating on cybercrime forums.
Unlike ransomware campaigns that encrypt systems and demand payment for recovery, data-sale operations focus on monetizing stolen information directly. Attackers often attempt to auction datasets to other criminals who may use the information for fraud, identity theft, corporate espionage, or additional cyberattacks.
Security researchers note that dark web breach claims should be treated cautiously until evidence is independently verified. Threat actors sometimes exaggerate the size of datasets, misrepresent the source of information, or recycle previously leaked records to increase interest from potential buyers.
If the claims prove accurate, the incident would represent another significant cybersecurity challenge for the pharmaceutical sector, which has experienced a rise in attacks targeting both corporate systems and supply chains in recent years.
For now, the scale and authenticity of the alleged Novo Nordisk breach remain unconfirmed. Additional details are expected to emerge as investigators review the claims and determine whether company systems were compromised.