HackMyIP
← Back to News
2026-07-02 BleepingComputer

Medtronic Data Breach Exposes 9M Records in ShinyHunters Attack

Data BreachIncident ResponsePrivacy

Healthcare device manufacturer Medtronic has begun notifying customers of a data breach that exposed personally identifiable information (PII) to an unauthorized third party. The company detected unusual activity on its corporate IT systems on April 15, 2026, and an internal investigation with third-party cybersecurity experts confirmed that an attacker had access to certain systems between April 13 and April 19, 2026. The ShinyHunters extortion group subsequently claimed responsibility for the intrusion, alleging on their dark web leak portal on April 18 that they were holding approximately 9 million Medtronic records containing customer and corporate data, though the entry was later removed from the listing that month.

The exposed information potentially includes full names, contact details, dates of birth, Social Security numbers, and health-related information, according to a sample of the notification letter. Medtronic, which operates in 150 countries with annual revenue of $33.5 billion and roughly 95,000 employees, has emphasized that the stolen data has not been published online. The company also reiterated that all of its medical devices remain safe to use and are unaffected by the cybersecurity incident, distinguishing the corporate IT compromise from operational technology risk.

Medtronic is offering affected individuals 24 months of complimentary credit monitoring and identity theft protection services. Security researchers strongly recommend that recipients enroll in the offered services, monitor financial and medical accounts closely, and watch for phishing or social engineering attempts that leverage the leaked PII. Anyone concerned about credential exposure can verify their email addresses against known incidents using the email breach checker and strengthen account security with the password checker to identify weak or reused credentials. For a broader review of personal digital exposure, a privacy checkup can help surface other vectors attackers may exploit with the stolen data.

Source: BleepingComputer →

Related Tools

Check whether this kind of story affects you — free, no signup:

Email Breach Check →Privacy Checkup →

Related Guides

Learn the background behind this story:

What is a data breach? →Credential stuffing attacks →How to check for an email breach →