Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party.
The company previously confirmed that its IT systems were compromised by hackers, and the infamous data extortion group ‘ShinyHunters’ claimed the attack.
The threat actor said that they were holding 9 million Medtronic records with personally identifiable information (PII) and internal corporate data.
“On April 15, 2026, Medtronic became aware of unusual activity on certain corporate IT systems,” reads the company's notification sample.
“Medtronic launched an investigation with the assistance of leading third-party cybersecurity experts to determine the impact and scope of the incident.”
“The investigation determined that from April 13 to April 19, 2026, an unauthorized actor accessed certain Medtronic corporate IT systems.” The exposed data may include the following:
Full name
Contact information
Date of birth
Social Security number
... continue reading