Novo Nordisk Data Breach Investigation
According to a public notice dated June 11, 2026, Novo Nordisk reported an IT security incident involving unauthorized access to certain internal systems. The company said a limited amount of non-sensitive healthcare professional, or HCP, data may have been copied. Reported data categories include contact and office information, and the notice warns about possible phishing or fraudulent communications. If you received a notice and want to understand your options, you can fill out the form on this page to see whether you may qualify for a claim.
Novo Nordisk is a healthcare company. For this matter, the structured incident data lists NJ as the location, and the company’s information letter about the incident was issued from Bagsværd, Denmark. Below is a summary of what the company has publicly reported and what affected readers may want to do next.
Key Facts at a Glance
- Company: Novo Nordisk
- Industry: Healthcare
- Notice date: According to the public notice, June 11, 2026
- Reported discovery date: The normalized notice data also points to June 11, 2026
- Affected group: A limited number of HCPs, according to the notice
- Reported issue: Unauthorized access to a limited number of internal IT systems
- Information that may have been copied: Name, registration number, email address, phone number, WhatsApp details, and office location
- Company guidance: The notice said no specific action was required, but warned about possible phishing and fraudulent communications
What Happened?
According to Novo Nordisk’s June 11, 2026 information letter for HCPs, the company recently identified an IT security incident involving unauthorized access to a limited number of internal IT systems. The notice says certain personal data stored on those systems was accessed, and that a limited amount of non-sensitive HCP data was copied.
The company also said it began an investigation with cybersecurity experts and temporarily took certain internal systems offline as part of its response. According to the notice, core business operations were not impacted. Questions about the incident can be directed to privacy@novonordisk.com or +45 4444 8888.
What Information Was Exposed?
Based on the public HCP notice, the information that may have been involved included name, registration number, email address, phone number, WhatsApp details, and office location. The company described the information as non-sensitive HCP data, and HCP appears to refer to healthcare professionals.
The notice also states that not every affected person necessarily had every listed data category involved. At this time, the publicly available materials do not provide a broader population count beyond a limited number of HCPs.
What Should You Do Next?
- Keep any notice you received. Save the letter or email and note when you received it. Even though the notice says no specific action is required, it is still useful to keep a record.
- Watch for phishing attempts. The company specifically warned about suspicious emails, phone calls, WhatsApp messages, or communications that appear to come from colleagues or trusted contacts.
- Verify unusual requests through a known channel. If someone asks for credentials, payments, account changes, or sensitive business information, confirm the request independently before responding.
- Document suspicious activity. Keep screenshots, call logs, and copies of messages. You can also contact the company using the information in the notice if you think a communication is tied to this incident.
- Ask about your legal options if you were notified. If you received a Novo Nordisk notice and want to understand whether you may have a claim, fill out the form on this page to connect with Strauss Borrelli PLLC.
Your Legal Rights
Your rights after a reported data incident depend on the facts, the type of information involved, where you live, and whether you suffered harm or faced a meaningful risk of misuse. In general, people who receive a notice may have the right to ask what happened, what categories of information were involved, and what steps the company is taking in response.
In some situations, affected individuals may be able to pursue claims related to inadequate data security or delayed notice, but that depends on additional facts and the laws that apply. A reported incident does not automatically mean compensation is available. If you have concerns about misuse of your information or want help understanding your options, speaking with counsel can help you evaluate the situation.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents individuals in data breach and privacy matters and has experience analyzing security incident notices, exposed data categories, and potential consumer claims. Our firm can review the publicly reported facts, explain what may matter for a potential case, and help you understand what documents to preserve.
If you received notice connected to this incident, our team can assess whether the reported circumstances may support a claim and what next steps make sense. We focus on clear, practical guidance for people dealing with privacy and security concerns.
If you received a breach notification letter from Novo Nordisk:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
