Novo Nordisk IT security breach exposes personal data on June 11

Novo Nordisk A/S identified an IT security incident June 11 involving unauthorized access to internal systems, with personal data copied externally.

"While our investigation and response are ongoing, we have discovered that certain non-public data, including personal data, were copied externally without authorization," the company said in a statement. "We are informing the impacted parties as appropriate."

The Danish drugmaker said it launched a probe with external cybersecurity experts and contacted relevant authorities. It temporarily took some internal IT systems offline and is working to restore them in a controlled manner. The company said core business operations remain unaffected.

The breach at one of Europe's most valuable publicly traded companies raises questions about data security in the pharmaceutical industry, where sensitive drug development information and patient data are prime targets for cybercriminals.

Novo Nordisk did not disclose how many systems were affected or the total number of individuals whose data may have been compromised. The company said it is working with third-party experts to lead a forensic investigation. The incident has been reported to the relevant authorities, the company added.

The breach could expose Novo Nordisk to regulatory scrutiny under Europe's General Data Protection Regulation, which allows penalties of as much as 4 percent of annual global revenue for serious violations. The company's next disclosure on the scope of compromised data will be closely watched by investors and regulators.

This article is for informational purposes only and does not constitute investment advice.