Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party.
The company previously confirmed that its IT systems were compromised by hackers, and the infamous data extortion group ‘ShinyHunters’ claimed the attack.
The threat actor said that they were holding 9 million Medtronic records with personally identifiable information (PII) and internal corporate data.
“On April 15, 2026, Medtronic became aware of unusual activity on certain corporate IT systems,” reads the company’s notification sample.
“Medtronic launched an investigation with the assistance of leading third-party cybersecurity experts to determine the impact and scope of the incident.”
“The investigation determined that from April 13 to April 19, 2026, an unauthorized actor accessed certain Medtronic corporate IT systems.” The exposed data may include the following:
ShinyHunters typically publishes stolen data if ransom negotiations with the victim organization fail to secure payment.
The hackers listed Medtronic on their dark web extortion portal on April 18 and threatened to release the stolen data, allegedly over 9 million records, if a ransom payment wasn’t made by April 21.
However, the Medtronic entry was removed from ShinyHunters’ listing later the same month. In the notification to customers, Medtronic emphasizes that the stolen data was not exposed online.
Medtronic is a medical device company doing business in 150 countries, with an annual revenue of $33.5 billion and 95,000 employees.
Although the company suffered a data breach that exposed sensitive customer information, the firm has once again given assurances that all its devices remain safe to use and are not affected by this cybersecurity incident.
Recipients of the notifications are advised to enroll in the offered 24-month credit monitoring and identity theft protection services to mitigate the risk of data exposure.
It is also advisable to remain vigilant for suspicious communications that leverage the exposed data to carry out scams, social engineering, and phishing attempts, and to monitor account activity closely.