Medtronic is sending breach notifications to affected customers after ShinyHunters claimed to have stolen millions of records.
The healthcare device giant says attackers accessed its corporate IT systems between April 13 and April 19, 2026. The exposed data includes names, contact info, dates of birth, Social Security numbers, and health-related information.
ShinyHunters — a well-known data extortion group — initially claimed they were holding 9 million Medtronic records. They listed the company on their dark web portal on April 18 and threatened to release the data if a ransom wasn’t paid by April 21.
Here’s the thing: the Medtronic listing later disappeared from ShinyHunters’ site. And Medtronic says the stolen data was never exposed online. That’s the official line, anyway.
Medtronic is massive — $33.5 billion in annual revenue, 95,000 employees, operating in 150 countries. The company was careful to stress that its medical devices remain safe and were not affected by the breach.
Affected customers are being offered 24 months of credit monitoring and identity theft protection. Standard advice applies: watch for phishing attempts using your exposed data, monitor accounts closely.
