Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.
Class Action U Logo
Check Your Eligibility

Novo Nordisk Data Breach

Novo Nordisk A/S identified a 2026 IT security incident affecting pseudonymized clinical trial data. The exposed information includes patient IDs, trial participation, health, and lifestyle data, but no names or other direct identifiers were accessed. Patients are advised to remain vigilant and report unusual activity, while the company continues to investigate and strengthen security measures to protect clinical information.

Check Your Eligibility
Novo Nordisk
Date of Breach: Not Specified
CAU logo

Who was affected:

Clients of Novo Nordisk

Impacted Data:

Patient ID (random alphanumeric string)

Clinical trial participation details

Sex

Year of birth

Biomarkers and health/immunogenicity data

Lifestyle factors such as smoking, alcohol use, and BMI

Check Your Eligibility

Novo Nordisk A/S recently identified an IT security incident involving unauthorized access to a limited number of internal IT systems. The incident affected certain personal data related to patients participating in some of the company’s clinical trials. The exposed data was pseudonymized, meaning it cannot be directly linked to any individual patient without access to additional identifying information.

Novo Nordisk A/S Data Breach Investigation

Upon discovering the incident, Novo Nordisk immediately launched an investigation with cybersecurity experts to determine the scope and impact. Certain internal IT systems were temporarily taken offline to contain the incident, and security measures were enhanced to prevent further unauthorized access. The company confirmed that no direct identifiers, such as patient names, were exposed. Core business operations continue unaffected.

When Did This Breach Occur?

The exact date of the unauthorized access has not been publicly specified. Novo Nordisk discovered the incident through internal monitoring and took prompt steps to contain it.

What Information Was Breached?

The data potentially affected includes:

  • Patient ID (random alphanumeric string)
  • Clinical trial participation details
  • Sex
  • Year of birth
  • Biomarkers and health/immunogenicity data
  • Lifestyle factors such as smoking, alcohol use, and BMI

Because the data is pseudonymized, third parties cannot identify patients without additional information that was not part of the incident.

What You Can Do

Although there is no immediate risk to patients, Novo Nordisk recommends:

  1. Remain vigilant and monitor any unusual communications or activity that could relate to clinical trial participation.
  2. Report to Novo Nordisk if anything suspicious or unusual is observed that could be linked to the incident.
  3. Maintain awareness of personal and clinical data and follow guidance from healthcare providers regarding any privacy concerns.

These measures help ensure continued protection of sensitive clinical trial information.

File a Data Breach Lawsuit Against Novo Nordisk A/S

Because this incident involved pseudonymized data with no direct identifiers exposed, there is no immediate indication of patient risk. Legal action may not be applicable at this time, but individuals and stakeholders can stay informed of updates regarding the incident and any new disclosures from the company.

Organizations managing sensitive health and clinical data are expected to maintain robust cybersecurity safeguards to prevent unauthorized access, even to pseudonymized information.

Contact us at Class Action U if you believe you may be impacted by a similar type of clinical or health data incident. Our team can connect you with a lawyer skilled in class action lawsuits. There is no cost to reach out, and no obligation to proceed after speaking with someone from our legal partner

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
AssuranceAmerica Managing General Agency Data Breach
Date of Breach: March 16, 2026
Alcott Data Breach Lawsuit Data Breach
Date of Breach: February 2025
Nintendo Data Breach
Date of Breach: mid-June 2026
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.