Novo Nordisk Breach Exposes Software Development Pipeline Risk

A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.

June 18, 2026

A recent — and likely massive — breach at Novo Nordisk, where attackers reportedly gained an initial foothold using a single GitHub access token, underscores how code repositories and developer environments have become ground zero for attackers seeking intellectual property, credentials, and software supply chain assets.

Novo Nordisk, the Danish pharmaceutical giant behind blockbuster drugs Ozempic and Wegovy, disclosed the breach June 11 after detecting unauthorized access to what it claimed were a "limited number of its internal IT systems."

According to the company, the attackers accessed pseudonymized data belonging to an undisclosed number of patients participating in clinical trials including patient ID, gender, date of birth, biomarkers, health/immunogenicity data, and lifestyle factors such as tobacco and alcohol use.