Medtronic Notifies Customers of Data Breach Claimed by ShinyHunters

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Breach Confirmed: Medtronic detected unusual activity on its corporate IT systems on April 15, 2026.
  • Records Claimed: ShinyHunters claimed to hold 9 million Medtronic records containing PII and internal corporate data.
  • Data Exposed: The company says the stolen data, which may include Social Security numbers, was not leaked online.

Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. The company previously confirmed its IT systems were compromised, and the new notification emphasized that the stolen data was not exposed online.

ShinyHunters claimed responsibility for the attack that reportedly exposed personally identifiable information (PII) and internal corporate data.

Medtronic Confirms Breach Timeline

According to Medtronic's breach notice, the Minnesota-based medical device maker became aware of unusual activity on certain corporate IT systems on April 15, 2026. The investigation found that an unauthorized actor accessed certain corporate IT systems from April 13 to April 19, 2026. 

So far, the company filings said roughly 364,000 patients were affected by the data breach. Exposed information may include:

ShinyHunters Medtronic announcement in April | Source: BleepingComputer
ShinyHunters Medtronic announcement in April | Source: BleepingComputer

ShinyHunters claimed to hold 9 million Medtronic records and listed Medtronic on its dark web extortion portal on April 18. The Medtronic entry was later removed from the listing that same month. 

Company Response and Customer Guidance

Medtronic launched an investigation with the assistance of leading third-party cybersecurity experts to determine the scope of the incident. The firm assured that all its devices remain safe to use and are unaffected by the incident. 

ShinyHunters-related breaches last month included American Tower, Ralph Lauren, Amazon’s One Medical, and the Council of Europe. In March, the threat actor claimed it carried out a massive Salesforce breach that enabled it to compromise Snowflake, Okta, Sony, AMD, LastPass, and Salesforce itself.   

In other recent news, Nissan disclosed an employee data breach linked to an Oracle zero-day, and 2.7 million Sysco emails were leaked following a ShinyHunters breach.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: