They are also mocking Novo Nordisk, claiming the company was using passwords like "novo123" for critical systems and that its security team sucks.
The breach includes source code, proprietary information on both marketed and pipeline drugs, clinical trial records, data on employees, doctors, and patients, and manufacturing details. The threat actor also claims it obtained private internal AI models from Novo's systems.
They allegedly breached Novo in March via a GitHub access token that let it clone the company's repositories and find additional credentials. The intrusion ran for over two months and yielded roughly 1.3 terabytes across more than 700,000 files.
I'm unsure about Novo Nordisk, but I suspect most of these "hacks" are just corporations crying out in pain as they sell our data to the highest bidders.
Then they promise they've upgraded their security and wait for five years for new data to accumulate before they do it all over again.
Our most personal data is likely more valuable than a slight dip in those corporation's reputations.