The company had earlier disclosed that its corporate IT infrastructure had been compromised by hackers. The cyber extortion group ShinyHunters later claimed responsibility for the attack, alleging it had obtained around 9 million records containing personally identifiable information (PII) and internal corporate data.
According to the notification shared by the company, “On April 15, 2026, Medtronic became aware of unusual activity on certain corporate IT systems.”
The notice further states, “Medtronic launched an investigation with the assistance of leading third-party cybersecurity experts to determine the impact and scope of the incident.”
Following the investigation, the company concluded that “The investigation determined that from April 13 to April 19, 2026, an unauthorized actor accessed certain Medtronic corporate IT systems.”
The information that may have been exposed includes:
Full name
Contact information
Date of birth
Social Security number
Health-related information
ShinyHunters is known for publishing stolen information when ransom demands are not met. The group reportedly added Medtronic to its dark web leak site on April 18, claiming it possessed more than 9 million records and warning that the data would be released if a ransom was not paid by April 21.
However, the listing disappeared from the group's portal later that month. In its customer notification, Medtronic clarified that the compromised data has not been made publicly available online.
Medtronic operates in over 150 countries and employs approximately 95,000 people, generating annual revenue of around $33.5 billion.
Despite the breach involving customer information, the company has reassured users that its medical devices continue to operate safely and were not impacted by the cybersecurity incident.
Customers receiving breach notifications are being encouraged to enroll in the company's complimentary 24-month credit monitoring and identity theft protection program to reduce potential risks.
The company has also advised affected individuals to stay alert for suspicious emails, messages, or calls that could exploit the exposed information for phishing, social engineering, or other fraudulent activities. Customers are also encouraged to regularly review their account activity for any signs of unauthorized access.
