2026-07-03 · view entry permalink →
Medtronic notifies ~9 million people of a ShinyHunters-claimed corporate-IT breach — 2.5 months after containment
Medical-device manufacturer Medtronic began notifying customers on 2026-07-02 of a breach the ShinyHunters extortion group first claimed in April. Medtronic's investigation found an unauthorized actor accessed certain corporate IT systems between 2026-04-13 and 2026-04-19 after unusual activity was noticed on 2026-04-15; ShinyHunters listed the company on its leak portal on 2026-04-18 claiming ~9 million records (names, contact details, dates of birth, Social Security numbers, health-related information) and later pulled the entry — consistent with the group's pattern after a ransom is paid (BleepingComputer, 2026-07-02). Medtronic states it found "no evidence" the data was published, and that the compromised corporate systems were segregated from device-operating networks so therapy delivery was unaffected (The Register, 2026-07-02). No initial-access vector is disclosed. This is the same ShinyHunters cluster behind the recent Salesforce/PeopleSoft-adjacent extortion wave (Nissan, NAIC — see prior coverage), but a corporate-IT compromise rather than the SaaS-integration pattern seen elsewhere; the source does not confirm shared tradecraft.
“The investigation determined that from April 13 to April 19, 2026, an unauthorized actor accessed certain Medtronic corporate IT systems.” — BleepingComputer
“Based on our investigation, this incident did not impact the ability of any Medtronic device to operate safely and deliver intended therapy.” — The Register