Danish pharmaceutical giant Novo Nordisk suffered a major breach after attackers gained initial access through a single exposed GitHub personal access token, enabling them to clone private repositories, harvest additional credentials, and move laterally through the network for over two months. The threat group FulcrumSec claims to have exfiltrated approximately 1.3TB of data — including source code, proprietary drug research, clinical trial data, and internal AI models — before demanding a $25 million ransom, suggesting the breach was far more extensive than Novo Nordisk has publicly acknowledged. Security experts warn the incident highlights a broader industry failure to treat developer environments and secrets management as identity security problems, noting that machine credentials like API tokens are often poorly monitored, broadly privileged, and rarely rotated, making a single exposed token enough to trigger a catastrophic breach.
