Medtronic notifies customers impacted by ShinyHunters data breach

Medtronic Data Breach Exposes Sensitive Customer Information to Unauthorized Hackers

Healthcare device company Medtronic has notified customers that their personal data was compromised in a recent data breach attributed to the notorious hacking group ShinyHunters. The incident, which occurred between April 13 and 19, exposed sensitive information from approximately 9 million customer records, including full names, contact details, dates of birth, social security numbers, and health-related data.

The breach was discovered by Medtronic on April 15, after the company became aware of unusual activity on its corporate IT systems. An investigation, led by third-party cybersecurity experts, determined that an unauthorized actor had accessed certain IT systems during this period. The exposed data may include a wide range of sensitive information, making it potentially vulnerable to misuse in phishing scams, social engineering attacks, and identity theft.

ShinyHunters is known for extorting victim organizations by threatening to publish stolen data online unless a ransom payment is made. In this case, the hackers listed Medtronic on their dark web extortion portal on April 18, warning that they would release the allegedly 9 million records if a payment wasn’t made by April 21. However, the Medtronic entry was later removed from ShinyHunters’ listing.

Medtronic is one of the largest medical device companies in the world, operating in over 150 countries and employing around 95,000 people. The company’s annual revenue exceeds $33.5 billion, making it a high-profile target for cyber attackers. Despite the severity of this breach, Medtronic has assured customers that its devices remain safe to use and are not affected by this cybersecurity incident.

Customers who have received notifications from Medtronic are advised to enroll in the company’s offered 24-month credit monitoring and identity theft protection services to mitigate the risk of data exposure. It is also essential for these individuals to remain vigilant, monitoring their account activity closely and being cautious of suspicious communications that may leverage the exposed data.

This incident highlights the ongoing threat posed by sophisticated cyber attackers who target large organizations with sensitive customer information. As cybersecurity threats continue to evolve, it’s crucial for companies like Medtronic to invest in robust security measures and educate customers on how to protect themselves against potential misuse of their personal data.


Source: Bleeping Computer — 2026-07-02