CyberWatch Weekly: Novo Nordisk Extortion Claim, Data Center Equipment Risks, and UK Critical Infrastructure Attacks
This week’s cybersecurity updates show how cyber risk is moving across industries and infrastructure. A hacking group claimed a major data theft and extortion attempt against Novo Nordisk, a recent report warned that data center power and cooling systems could become serious cyberattack targets, and the UK’s cybersecurity agency reported more than 200 cyber incidents affecting critical national infrastructure. Organizations now need stronger visibility, faster response, and resilience that go beyond traditional IT security.
Hacking Group Claims Major Novo Nordisk Breach and $25M Extortion Attempt
A cyber extortion group called FulcrumSec claimed it stole more than a terabyte of data from pharmaceutical company Novo Nordisk and demanded $25 million from the company. According to the report, the group claimed it spent more than two months inside Novo Nordisk’s networks and accessed data linked to source code, drug information, trial data, employees, doctors, patients, processing facilities, and internal AI model information.
Novo Nordisk said it was aware of claims that data was allegedly copied externally without authorization. The company also said its main platforms continued to operate and that it was in contact with relevant authorities. However, news reports could not immediately verify whether the data posted by the group was authentic, so this should be treated as an alleged breach and extortion claim rather than a fully confirmed data leak.
This kind of incident happens because high-value industries like healthcare and pharmaceuticals hold sensitive, valuable, and highly monetizable data. Attackers do not always aim to shut systems down. In many cases, they steal data first and use public exposure, private sale, or reputational pressure as leverage.
Organizations should focus on early detection, network monitoring, strong access controls, data loss prevention, incident response planning, and regular threat hunting. The faster suspicious access is detected, the lower the chance that data theft will turn into extortion.
Key Takeaway: Cyber extortion is no longer only about locking systems. Sensitive data itself has become a weapon.
Source: Insurance Journal / Reuters Report
Hackers Target Data Center Power and Cooling Systems
Modern data centers are becoming attractive cyber targets because they support cloud services, AI workloads, business applications, and critical digital infrastructure. The report highlighted research from Claroty’s Team82, which found severe vulnerabilities in equipment used inside data centers, including Vertiv Uninterruptible Power Supply network cards and Trane Tracer SC+ HVAC controllers.
This matters because data centers do not depend only on servers and software. They also depend on power stability, backup electricity, cooling, and environmental controls. If attackers compromise these systems, the impact can move from digital disruption to physical downtime. A compromised UPS device could affect power availability, while a compromised HVAC controller could create overheating risks in server environments.
These risks exist because operational equipment is often connected, remotely managed, and not monitored with the same level of security as traditional IT assets. Standard endpoint tools may not fully cover systems that control physical infrastructure.
Data center operators should treat power and cooling systems as part of the security perimeter. They should patch affected equipment, restrict remote access, segment operational systems, monitor unusual commands, and include cyber-physical scenarios in incident response planning.
Key Takeaway: Data center security is no longer just about protecting servers. Power, cooling, and physical infrastructure are now part of the attack surface.
Source: TechRadar Report
UK Critical Infrastructure Faces Rising State-Linked Cyber Pressure
The UK’s National Cyber Security Centre reported that the country’s critical national infrastructure was affected by more than 200 cyber incidents in the year to May 2026. According to the report, around three-quarters of these incidents were believed to be linked to state actors.
Critical infrastructure includes systems and services such as power plants, hospitals, airports, and other essential services. When these systems are targeted, the impact can go far beyond data loss. It can affect public services, national security, emergency operations, and everyday life.
This is happening because hostile states are increasingly using cyber operations to apply pressure, gather intelligence, create disruption, or prepare for future conflict. The NCSC also warned that AI could make the threat worse by helping attackers spot and exploit weaknesses more quickly.
The solution starts with the fundamentals: patch known vulnerabilities, strengthen authentication, improve recovery planning, test incident response, and reduce weak points before attackers exploit them. Organizations also need leaders who understand security strategy, risk management, resilience, and response at an enterprise level. This is where certification training, such as CISSP Certification Training, can naturally support professionals building broader cybersecurity leadership skills.
Key Takeaway: Critical infrastructure protection depends on strong basics, fast recovery, and security leadership that treats cyber resilience as a national priority.
Source: The Guardian Report
Final Thoughts This Week
This week’s stories show that cyber risk is becoming wider, deeper, and more connected to real-world impact. The lesson is simple but urgent: security teams must look beyond obvious targets. They need to protect sensitive data, monitor operational systems, patch known weaknesses, and prepare for incidents that could affect both digital services and physical operations.
Cybersecurity is no longer only about stopping attacks. It is about reducing damage, maintaining continuity, and staying ready when attackers move faster than expected.
Stay vigilant and stay informed with InfosecTrain’s CyberWatch Weekly.