FulcrumSec Claims 1.3 TB Novo Nordisk Exfiltration via Compromised GitHub Token
A GitHub token compromise enabled FulcrumSec to steal 1.3 TB of Novo Nordisk IP and trial data. The breach highlights persistent secrets-management failures in pharma CI/CD pipelines and raises risks to drug development timelines.
The group provided DataBreaches with a file manifest exceeding 700,000 entries and sample credentials proving possession. Novo Nordisk confirmed the intrusion but stated that patient identifiers remained protected because the exfiltrated clinical data stayed pseudonymized. No decryption keys or public leak listing has appeared on FulcrumSec’s Tor site as of this writing.
GitHub token reuse matches a documented pattern in at least four prior pharmaceutical and biotech intrusions since 2023 where CI/CD secrets stored in plaintext repositories enabled downstream credential harvesting. Novo’s exposure of undisclosed RNAi pipeline details and private AI models creates direct competitive intelligence value far exceeding typical ransomware monetization.
Supply-chain implications extend beyond the single firm: compromised trial data can delay regulatory filings and manufacturing scale-up for GLP-1 agonists already under allocation pressure. Independent verification of the claimed data volume remains limited to the group’s sample drops; Novo has not released its own incident forensics summary.
FulcrumSec will post sample files from the Dicerna RNAi dataset on its leak site within 14 days absent payment or law-enforcement intervention.
Sources (3)
- [1] SecurityWeek Original Report (https://www.securityweek.com/cybercrime-group-claims-novo-nordisk-hack/)
- [2] DataBreaches.net FulcrumSec Correspondence (https://www.databreaches.net/fulcrumsec-novo-nordisk/)
- [3] ENISA Supply Chain Threat Landscape 2024 (https://www.enisa.europa.eu/publications/threat-landscape-for-supply-chain-attacks)