Medtronic corporate network breach exposes over 9 million records, confirmed by vendor
Summary
Hide ▲
Show ▼
Medical device manufacturer Medtronic confirmed a breach of its corporate IT systems after the ShinyHunters extortion group claimed to have stolen over 9 million records containing personally identifiable information (PII) and terabytes of corporate data. Medtronic states there is no impact to medical products, patient safety, customer networks, manufacturing, distribution, financial reporting, or its ability to meet patient needs, and notes its networks are segmented. The company is investigating whether personal data was accessed and will notify affected individuals if confirmed. MiniMed, Medtronic's diabetes-focused subsidiary, reported its own IT systems were not affected. The threat actor listed Medtronic on its leak site on April 17, setting a ransom deadline of April 21, and was later removed from the site, which may indicate payment. Medtronic’s corporate IT, product, manufacturing, and distribution networks are segmented, and customer hospital networks remain separate and independently managed by customers’ IT teams.
Timeline
-
27.04.2026 16:50 2 articles · 1d ago
Medtronic acknowledges corporate network breach with ShinyHunters claiming 9M+ records theft
Medtronic publicly confirmed an intrusion into its corporate IT systems after ShinyHunters claimed responsibility for the breach, asserting theft of over 9 million records containing PII and terabytes of corporate data. The actor listed Medtronic on its leak site on April 17 (revised from prior reporting), set a ransom deadline of April 21, and was later removed from the site. Medtronic states no impact to medical products, patient safety, customer networks, manufacturing, distribution, financial reporting, or ability to meet patient needs, and emphasizes network segmentation between corporate IT, product systems, and customer networks. MiniMed, Medtronic’s diabetes-focused subsidiary, confirmed its own IT systems were unaffected.
Show sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
Information Snippets
-
Medtronic disclosed an intrusion into 'certain corporate IT systems' without impact to medical products, patient safety, or customer networks.
First reported: 27.04.2026 16:502 sources, 2 articlesShow sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
ShinyHunters claimed responsibility for the breach, asserting theft of over 9 million records containing PII and terabytes of corporate data.
First reported: 27.04.2026 16:502 sources, 2 articlesShow sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
The threat actor listed Medtronic on its victim site on April 18 and set a deadline of April 21 for a ransom demand before publishing the data.
First reported: 27.04.2026 16:502 sources, 2 articlesShow sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
Medtronic states its corporate IT, product, and manufacturing networks are segmented, and customer hospital networks are managed independently.
First reported: 27.04.2026 16:502 sources, 2 articlesShow sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
The company is conducting an investigation to determine whether personal data was accessed and will notify affected individuals if confirmed.
First reported: 27.04.2026 16:502 sources, 2 articlesShow sources
- Medtronic confirms breach after hackers claim 9 million records theft — www.bleepingcomputer.com — 27.04.2026 16:50
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
Medtronic confirmed the intrusion into its corporate IT systems following ShinyHunters' claim of compromise.
First reported: 28.04.2026 09:351 source, 1 articleShow sources
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
Medtronic stated no impact to products, patient safety, customer networks, manufacturing, distribution, financial reporting, or ability to meet patient needs.
First reported: 28.04.2026 09:351 source, 1 articleShow sources
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
Medtronic noted its corporate IT, product, manufacturing, and distribution networks are segmented, and customer hospital networks remain separate and independently managed.
First reported: 28.04.2026 09:351 source, 1 articleShow sources
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
MiniMed, Medtronic's diabetes-focused subsidiary, reported its own IT systems were not affected by the incident.
First reported: 28.04.2026 09:351 source, 1 articleShow sources
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
-
ShinyHunters listed Medtronic on its leak site on April 17 (not April 18 as previously reported) and set a ransom deadline of April 21.
First reported: 28.04.2026 09:351 source, 1 articleShow sources
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak — www.securityweek.com — 28.04.2026 09:35
Similar Happenings
ADT data breach attributed to ShinyHunters via vishing and Okta compromise
Home security provider ADT detected and confirmed an intrusion on April 20, 2026, leading to the theft of customer and prospective customer data by the ShinyHunters extortion group. The attackers accessed ADT’s Salesforce instance after compromising an employee’s Okta SSO account via voice phishing (vishing). Stolen data included names, phone numbers, addresses, and in a small subset of cases, dates of birth and partial Social Security or Tax ID numbers. No payment or authentication data was accessed, and ADT states customer security systems remained unaffected. ShinyHunters threatened to leak the data—claiming over 10 million records—unless a ransom is paid by April 27, 2026.
Salesforce misconfiguration leads to non-sensitive data exposure at McGraw-Hill amid ShinyHunters extortion claims
McGraw-Hill confirmed a data breach affecting 13.5 million user accounts after ShinyHunters exploited a Salesforce environment misconfiguration to steal and leak non-sensitive data, including names, addresses, phone numbers, and email addresses. The company stated the breach did not impact its core Salesforce accounts, customer databases, courseware, or internal systems, though ShinyHunters claimed possession of 45 million records with PII. The affected webpages were secured promptly, and McGraw-Hill is collaborating with Salesforce to remediate the issue. Have I Been Pwned verified the leak of over 100GB of data tied to 13.5 million accounts. The incident remains distinct from a separate, unverified claim by a threat actor posing as ShinyHunters, who alleges breaching Vercel and selling stolen data, including API keys and employee records. Vercel has disclosed the incident and is investigating with law enforcement and incident response experts, while denying any impact to services.
Telus Digital Breach by ShinyHunters
Telus Digital, the business process outsourcing (BPO) arm of Canadian telecommunications provider Telus, has confirmed a security breach after threat actors known as ShinyHunters claimed to have stolen nearly 1 petabyte of data. The breach, which involved unauthorized access to a limited number of Telus Digital's systems, is currently under investigation. ShinyHunters claims to have accessed a wide range of customer data related to Telus' BPO operations and call records for Telus' consumer telecommunications division. The threat actors reportedly used Google Cloud Platform credentials discovered in data stolen during the Salesloft Drift breach to gain initial access. Telus has engaged cyber forensics experts and is working with law enforcement to manage the situation.
UFP Technologies Cyberattack Results in Data Theft
UFP Technologies, a medical device manufacturer, disclosed a cyberattack that compromised its IT systems and resulted in data theft. The incident, detected on February 14, affected billing and label-making functions. While the threat actor was removed, some data was stolen or destroyed. The nature of the malware is unclear, but ransomware or a wiper attack is suspected. UFP Technologies has not confirmed the exfiltration of personal information or received ransom demands.
Figure Fintech Breach Exposes 967,200 Accounts via Social Engineering
Figure Technology Solutions, a blockchain-based fintech firm, suffered a data breach affecting nearly 1 million accounts. Hackers stole personal and contact information through a social engineering attack. The breach was attributed to the ShinyHunters extortion group, which leaked 2.5GB of data from loan applicants. The attackers impersonated IT support to trick employees into providing access to SSO accounts, gaining entry to various enterprise applications.