Novo Nordisk refuses $25M ransom demand after cyberattack
What's the story
Novo Nordisk, one of the world's leading pharmaceutical companies, has been targeted by a major cyberattack. A hacker group has claimed to have stolen over 1.3TB of sensitive company data and is demanding a ransom of $25 million (approximately ₹236 crore). The Danish drugmaker has refused to pay the amount, prompting the hackers to publicly ridicule its cybersecurity measures and threaten to sell some parts of the stolen data.
Hacker group
Hackers claim they spent over 2 months in company's systems
The cyberattack has been attributed to a group called FulcrumSec. The hackers claim they spent over two months in Novo Nordisk's systems before stealing the data. They allege that the stolen information includes source code, clinical trial data, details about current and future drugs, employee records as well as doctor and patient information.
Company response
Personal information copied without authorization
Novo Nordisk has confirmed the data breach, saying it involved unauthorized access to a limited number of internal systems. The company admitted that some personal information was copied without authorization and said it is investigating the matter with external cybersecurity experts. Authorities have also been notified about the incident. The company stressed that core business operations remain unaffected and continue to function normally despite the breach.
Security flaws
Hackers ridicule company's security measures after negotiations failed
After negotiations failed, FulcrumSec published messages criticizing Novo Nordisk's security measures. Cybersecurity outlets reported that the hackers found weak protections in some of the company's systems and are now considering private sales of some parts of the stolen data. However, independent experts and journalists have not fully verified the complete scope of this alleged data haul.
Industry impact
Cyberattack raises concerns over data protection in healthcare industry
The cyberattack on Novo Nordisk comes at a time when healthcare companies are increasingly being targeted by cybercriminals for their valuable medical and research information. The incident has raised concerns over data protection in the industry. Novo Nordisk said it is continuing its investigation, strengthening security measures, and working with relevant authorities as it assesses the full impact of this breach.