Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

The Breach

They allegedly breached Novo in March via a GitHub access token that let it clone the company’s repositories and find additional credentials.

Further details indicate that 🚨‼️ BREAKING: The threat actor who breached Novo Nordisk, the company behind Ozempic, has leaked 264 GB of data.

The threat actor also claims it obtained private internal AI models from Novo’s systems.

The intrusion ran for over two months and yielded roughly 1.3 terabytes across more than 700,000 files.

They are also mocking Novo Nordisk, claiming the company was using passwords like “novo123” for critical systems and that its security team sucks.

Affected Data & Victims

The full scope of impact remains under assessment.

The breach includes source code, proprietary information on both marketed and pipeline drugs, clinical trial records, data on employees, doctors, and patients, and manufacturing details.

They allegedly breached Novo in March via a GitHub access token that let it clone the company’s repositories and find additional credentials.

🚨‼️ BREAKING: The threat actor who breached Novo Nordisk, the company behind Ozempic, has leaked 264 GB of data.

Analysis

Organizations should review their exposure and apply available mitigations promptly.

Affected individuals should monitor their financial and online accounts for suspicious activity and consider enrolling in any offered credit monitoring or identity protection services. Organizations must conduct a thorough post-incident review to identify the root cause and gaps in security controls that allowed the breach to occur. Regulatory notification requirements should be assessed based on jurisdiction and the types of data involved, with legal counsel engaged early in the process. Communications teams should prepare transparent disclosure messaging for customers, partners, and regulators. Beyond the immediate response, organizations should update their data handling policies, encryption standards, and access controls to reduce the likelihood of recurrence. Third-party risk assessments may also be warranted if the breach originated with a vendor or service provider.

Industry observers note that this type of development highlights the ongoing need for defense-in-depth strategies and proactive security posture management. Organizations that invest in regular security assessments and employee training tend to fare better when responding to emerging threats. The security community continues to share indicators and best practices to help defenders stay ahead.

Sources

1. https://x.com/IntCyberDigest/status/2067691351508922838