Tags: data breach, secrets management, GitHub security, software supply chain, non-human identity

One Leaked GitHub Token, 1.3TB Gone: The Novo Nordisk Breach Is a Wake-Up Call for Dev Security

Danish pharmaceutical giant Novo Nordisk suffered a major breach after attackers gained initial access through a single exposed GitHub personal access token, enabling them to clone private repositories, harvest additional credentials, and move laterally through the network for over two months. The threat group FulcrumSec claims to have exfiltrated approximately 1.3TB of data — including source code, proprietary drug research, clinical trial data, and internal AI models — before demanding a $25 million ransom, suggesting the breach was far more extensive than Novo Nordisk has publicly acknowledged. Security experts warn the incident highlights a broader industry failure to treat developer environments and secrets management as identity security problems, noting that machine credentials like API tokens are often poorly monitored, broadly privileged, and rarely rotated, making a single exposed token enough to trigger a catastrophic breach.

Novo Nordisk, the Danish pharmaceutical company best known for making Ozempic and Wegovy household names, has confirmed a breach of its internal systems. What it has been considerably quieter about is just how bad that breach apparently was.

The company disclosed the incident on June 11, describing it as unauthorised access to a "limited number of internal IT systems." Clinical trial participants had pseudonymised data exposed, including dates of birth, gender, biomarkers, health and immunogenicity data, and lifestyle information. Healthcare professionals connected to Novo Nordisk also had contact details compromised, with the company warning of follow-on phishing risk via email, phone, and WhatsApp.

All fairly serious. But possibly just the tip of it.

The threat group claiming responsibility, FulcrumSec, has told a rather different story to DataBreaches.Net. According to them, they were inside Novo Nordisk's network for over two months, during which time they exfiltrated more than 700,000 files totalling around 1.3TB. The haul allegedly includes proprietary source code, data on both marketed and unreleased drugs, internal AI models, manufacturing records, clinical research data, and details on roughly 11,500 pseudonymised trial participants. After Novo Nordisk apparently declined to pay the $25 million ransom demand, FulcrumSec began publicly leaking portions of what it claims to have stolen. The group has suggested the data could shave three to five years off a competitor's drug development timeline. That's not nothing.

A second unrelated threat group, TheUSERS007, also claims to have independently breached Novo Nordisk around June 5 to 7, specifically targeting data related to the company's AI work. Novo Nordisk has not publicly addressed either group's claims.

The Entry Point: A Single Token

FulcrumSec says they got in through an exposed GitHub personal access token found embedded in client-side JavaScript on an obscure subdomain. From there, they cloned private repositories, harvested additional credentials sitting inside those repositories, and used those to move laterally across Novo Nordisk's infrastructure.

They did not crack passwords. They did not exploit a zero-day. They found a key someone had left in the door and walked straight in.
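The entry point described above was a GitHub token sitting in a JavaScript file served to browsers. The following is an added example, not code from the article or from Novo Nordisk: a pre-deploy check that scans built client-side assets for GitHub token formats so that a literal like this never reaches a public subdomain. The regexes approximate GitHub's published token prefixes (the `ghp_`/`gho_`/`ghu_`/`ghs_`/`ghr_` classic forms and the `github_pat_` fine-grained form); the exact lengths and the sample bundle are assumptions constructed for illustration.

```python
"""Scan built client-side JavaScript for GitHub token formats before it ships.

Added example (not the article's or Novo Nordisk's code). Token shapes are
assumptions approximating GitHub's public token formats; the sample bundle and
its token values are constructed and are not real credentials.
"""
import re
import sys
from dataclasses import dataclass

# Assumed shapes: classic tokens are a 4-char prefix plus 36 base62 characters;
# fine-grained PATs are the github_pat_ prefix plus 82 characters of [A-Za-z0-9_].
TOKEN_PATTERNS = {
    "github_classic_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
}


@dataclass(frozen=True)
class Finding:
    line: int       # 1-based line number in the scanned text
    kind: str       # which pattern matched
    redacted: str   # token class and last 4 characters only, never the full secret


def redact(token: str) -> str:
    """Keep enough to identify the token class and its tail; drop the rest."""
    head = token.split("_", 1)[0] + "_"
    return f"{head}...{token[-4:]}"


def scan_text(text: str) -> list[Finding]:
    """Return every token-shaped literal found in the text, redacted for reporting."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in TOKEN_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(lineno, kind, redact(match.group(0))))
    return findings


def scan_file(path: str) -> list[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample bundle: the token values are made-up strings of the right
# shape so that the patterns fire; they are not real secrets.
SAMPLE_BUNDLE = (
    'const api = "https://api.github.com";\n'
    '// someone left a token here to make a fetch "just work"\n'
    'const headers = { Authorization: "token ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij" };\n'
    'const fineGrained = "github_pat_11AAAAAAA0BBBBBBBBBBBB_' + "c" * 59 + '";\n'
    'fetch(api + "/repos/example/private", { headers });\n'
)

if __name__ == "__main__":
    # Usage: python scan_bundle.py dist/*.js ; exits non-zero if anything is found,
    # so it can gate a deploy pipeline. With no arguments it scans the sample.
    paths = sys.argv[1:]
    results = (
        [(p, f) for p in paths for f in scan_file(p)]
        if paths
        else [("<sample>", f) for f in scan_text(SAMPLE_BUNDLE)]
    )
    for path, finding in results:
        print(f"{path}:{finding.line}: {finding.kind} {finding.redacted}")
    sys.exit(1 if results else 0)
```

A regex scan of the built artefact is deliberately a last line of defence: it catches what a developer pasted into a config or a fetch call, but it will miss a token assembled at runtime from fragments, which is why the article's inventory and rotation advice still applies even where a scanner reports nothing.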

This is the part that should focus minds. Matt Kimpel, CISO at managed services provider Magna5, puts it plainly: developers have standing access to the systems that matter most. Source code, build and deployment pipelines, cloud environments, and the credentials those systems use to talk to each other. Get into a developer's environment and you are not picking through a filing cabinet. You are looking at the building schematics.

AI-assisted development is quietly making this worse. Faster code generation means more surface area, more tokens provisioned, and more integrations wired together, often through unofficial tools and workflows that nobody has audited. The machine credentials that hold all of this together (API tokens, service accounts, pipeline keys) tend to accumulate without anyone keeping track. They are rarely inventoried properly, seldom rotated, and often have far broader permissions than the task they were originally provisioned for.

The Real Problem Is Identity, Not Tooling

Shane Barney, CISO at Keeper Security, makes the point well. Hardcoded credentials and improperly scoped tokens build up across repositories and CI/CD pipelines over time. Unlike human accounts, machine credentials rarely have clear owners. Nobody is watching them. Nobody is rotating them. Once provisioned, they are largely forgotten.

"That invisibility is what turns a single exposed token into a months-long intrusion," Barney notes. When a machine credential carries broad permissions and nobody is monitoring it, an attacker who finds it does not need to escalate privileges or move carefully. The access is already there.

Kimpel's framing cuts to the core of what most organisations get wrong: secrets management is treated as a tooling problem when it is actually an identity problem. Branch protections, code review, and pipeline gating all assume the right identity is doing the work. Once an attacker is operating as a trusted developer, those same controls serve them just as well.

Ed Luz, head of research at Oasis Security Identity, highlights two details that matter most in this case. First, the initial access came through a single GitHub token. Second, lateral movement was enabled by additional credentials sitting openly inside the repositories themselves. "The attackers didn't break through the perimeter," Luz says. "They were authenticated."

What Actually Needs to Happen

The fix is not particularly exotic, but it does require discipline that most organisations have not applied consistently to their non-human identities.

Kimpel recommends starting with a proper inventory of machine identities, understanding what exists and what it has access to. From there, the priorities are eliminating long-lived secrets where workloads allow, applying least-privilege aggressively, rotating credentials on a meaningful schedule rather than an arbitrary calendar, and monitoring machine identities with the same rigour applied to human accounts. Baseline normal behaviour. Alert on deviation.

Barney adds that centralising secrets management and enforcing automated rotation closes the gap between what attackers find and what they can actually do with it. It does not make you invulnerable, but it shrinks the blast radius considerably.
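The recommendations above (inventory machine identities, eliminate long-lived secrets, apply least privilege, rotate on a meaningful schedule, and watch for credentials nobody owns or uses) can be turned into a policy check. The following is an added example, not code from the article, Magna5, Keeper Security or Novo Nordisk: it audits a constructed inventory of machine identities against thresholds chosen for illustration and reports which of those principles each credential violates. The inventory format, the scope names and the thresholds are assumptions.

```python
"""Audit a machine-identity inventory for ownership, scope, age and use.

Added example (not the article's or any vendor's code). The record format,
the scope names, the thresholds and the sample records are assumptions
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy thresholds; adjust to the organisation's own risk appetite.
MAX_AGE_DAYS = 90    # older than this without automated rotation: "long-lived"
MAX_IDLE_DAYS = 30   # unused for this long: a revocation candidate, not a rotation one

# Scopes that grant far more than a typical pipeline task needs (GitHub classic
# scope names used purely as illustrative examples).
BROAD_SCOPES = {"repo", "admin:org", "admin:repo_hook", "workflow", "delete_repo"}


@dataclass
class MachineIdentity:
    name: str
    kind: str                          # e.g. "github_pat", "service_account", "pipeline_key"
    scopes: set
    created_at: datetime
    last_used_at: Optional[datetime]   # None: never observed in use
    owner: Optional[str] = None        # team or person accountable for it
    auto_rotated: bool = False         # issued by a vault / OIDC flow that rotates it


def audit(identity: MachineIdentity, now: datetime) -> list:
    """Return the policy violations for one identity; an empty list means compliant."""
    issues = []
    if not identity.owner:
        issues.append("no_owner")
    broad = identity.scopes & BROAD_SCOPES
    if broad:
        issues.append("broad_scope:" + ",".join(sorted(broad)))
    age = now - identity.created_at
    if not identity.auto_rotated and age > timedelta(days=MAX_AGE_DAYS):
        issues.append(f"long_lived:{age.days}d")
    if identity.last_used_at is None:
        issues.append("never_used")
    else:
        idle = now - identity.last_used_at
        if idle > timedelta(days=MAX_IDLE_DAYS):
            issues.append(f"idle:{idle.days}d")
    return issues


def audit_inventory(inventory, now: datetime) -> dict:
    """Map each identity name to its list of violations."""
    return {identity.name: audit(identity, now) for identity in inventory}


def revocation_candidates(inventory, now: datetime) -> list:
    """Identities that are unused: revoke rather than rotate."""
    report = audit_inventory(inventory, now)
    return sorted(
        name for name, issues in report.items()
        if any(i == "never_used" or i.startswith("idle:") for i in issues)
    )


# Constructed sample inventory; none of these are real credentials or systems.
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    MachineIdentity("ci-deploy-token", "github_pat", {"repo", "workflow"},
                    NOW - timedelta(days=400), NOW - timedelta(days=1)),
    MachineIdentity("docs-build", "github_pat", {"contents:read"},
                    NOW - timedelta(days=20), NOW - timedelta(days=2),
                    owner="docs-team", auto_rotated=True),
    MachineIdentity("legacy-sync", "service_account", {"contents:read"},
                    NOW - timedelta(days=800), NOW - timedelta(days=200),
                    owner="platform"),
    MachineIdentity("unknown-integration", "pipeline_key", {"admin:org"},
                    NOW - timedelta(days=10), None),
]

if __name__ == "__main__":
    for name, issues in audit_inventory(SAMPLE_INVENTORY, NOW).items():
        print(f"{name}: {', '.join(issues) if issues else 'compliant'}")
    print("revoke:", revocation_candidates(SAMPLE_INVENTORY, NOW))
```

The `now` parameter is passed in rather than read from the clock so the audit is reproducible and can be replayed against historical inventory snapshots; the `auto_rotated` flag is what separates a credential issued by a vault or short-lived OIDC flow from a long-lived token that someone has to remember to rotate by hand.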

Code repositories have become production-grade infrastructure. They sit upstream of almost everything, and they hold the keys to a great deal more than just source code. Treating them as casual developer tooling, rather than as high-value targets requiring proper identity governance, is a bet that is increasingly looking like a losing one.