ShinyHunters Extortion Attempt Hits Medtronic Customer Data

Medtronic is notifying customers after the ShinyHunters extortion group accessed corporate IT systems containing personal and health information.

CSBadmin
2 Min Read

Breach Discovery and Timeline

Medical device manufacturer Medtronic has begun notifying customers whose personal information was compromised during a January 2026 cyberattack. The company detected unusual activity on its corporate IT systems on April 15 and immediately launched an investigation with external cybersecurity experts. The probe revealed that an unauthorized actor had accessed certain corporate systems between April 13 and April 19.

The notorious data extortion group ShinyHunters claimed responsibility for the attack and listed Medtronic on its dark web portal, threatening to release over 9 million records if a ransom was not paid by April 21. The listing was subsequently removed later that month.

Exposed Data and Customer Impact

The stolen information includes full names, contact details, dates of birth, Social Security numbers, and health related information. Medtronic has confirmed that the compromised data has not been publicly posted online, despite the extortion group’s threats. The company is offering affected customers 24 months of credit monitoring and identity theft protection services.

Medtronic emphasized that its medical devices remain safe to use and were not impacted by this incident. The company, which operates in 150 countries with $33.5 billion in annual revenue, urged recipients to remain vigilant against phishing attempts and social engineering scams that might leverage the exposed data.

Source: BleepingComputer

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:
Share This Article
Follow:
The latest in cybersecurity news and updates.