Medtronic Corporate IT Systems Breached, ShinyHunters Claims 9 Million Records
Medical technology giant Medtronic confirmed unauthorized access to parts of its corporate IT environment after the ShinyHunters extortion group listed the company on its leak site on April 18, 2026. ShinyHunters claimed to have stolen over 9 million records and terabytes of internal corporate data, setting a ransom-contact deadline of April 21, 2026. Medtronic stated that patient care, products, manufacturing, distribution, and financial reporting were not affected, and that they contained the incident and engaged external cybersecurity experts.
Signal context
First seen: Apr 18, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- ShinyHunters listed Medtronic on their leak site on April 18, 2026.
- Claimed theft of over 9 million records and terabytes of internal corporate data.
- Medtronic confirmed unauthorized access to corporate IT systems.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 26 signals in the same sector
- 95 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Major Cyber Attacks, Data Breaches, Ransomware Attacks in April 2026https://www.cybersecurity-insiders.com/major-cyber-attacks-data-breaches-ransomware-attacks-in-april-2026/Public source from cybersecurity-insiders.com.
Top 10 Data Breaches of April 2026 - Strobes Securityhttps://www.strobes.co/blog/top-10-data-breaches-of-april-2026/Public source from strobes.co.
Major Cyber Attacks, Data Breaches, Ransomware Attacks in April 2026https://www.cm-alliance.com/cybersecurity-blog/major-cyber-attacks-data-breaches-ransomware-attacks-in-april-2026Public source from cm-alliance.com.
List of Recent Data Breaches in 2026 - Bright Defensehttps://www.brightdefense.com/resources/recent-data-breaches/Public source from brightdefense.com.
2026 Data Breaches: Cybersecurity Incidents Explained - PKWAREhttps://www.pkware.com/blog/2026-data-breachesPublic source from pkware.com.
Related signals
Grouped by why the signal is relevant.
DentaQuest Data Breach: ShinyHunters Threatens to Leak Data, Company Confirms Investigation
DentaQuest, a major U.S. dental and vision insurance provider, was reportedly hit by a data breach, with cybercriminal group ShinyHunters claiming responsibility. ShinyHunters threatened to release stolen information on May 27, 2026, after failed ransom negotiations. DentaQuest confirmed a cybersecurity incident involving unauthorized access to a portion of its network and initiated an investigation. The leaked data, reportedly over 234 GB, included 2.6 million unique email addresses, names, addresses, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth.
Xsolis Data Breach Affects Nearly 1.4 Million Individuals
Healthcare technology company Xsolis disclosed a data breach impacting approximately 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which led to unauthorized access to a limited portion of the Xsolis environment. Exposed data includes names, dates of birth, Social Security numbers, health insurance information, and medical treatment information. Xsolis provides AI-powered solutions for healthcare providers and payers.
London Hydro Discloses Data Breach Affecting Customer Information
Canadian electricity provider London Hydro announced a data breach that potentially impacted the personal and account information of its customers. The exposed data may include names, addresses, email addresses, phone numbers, account and billing numbers, service addresses, pricing plans, contract dates, and meter numbers. The utility became aware of suspicious activity on a customer account on June 18, 2026, and an investigation determined a system vulnerability was exploited. No financial or other sensitive information like dates of birth or government IDs were compromised.
Nintendo of America Employee Data Stolen in TinyPulse Third-Party Breach
Nintendo of America confirmed on June 18, 2026, that internal employee survey data was stolen from TinyPulse, a third-party employee engagement SaaS solution owned by WebMD Health Services. The 'Shadowbyt3$' extortion group claimed responsibility, stating they exfiltrated approximately 1GB of data, including employee names, email addresses, analytics, survey data, bank statements, and W-9 forms. Nintendo's own systems and customer data were not compromised.
Council of Europe investigates ShinyHunters data breach claims
The Council of Europe is investigating claims by the ShinyHunters extortion group of a data breach involving HR and payroll data. ShinyHunters threatened to leak over 429,000 documents, including payslips, CVs, and personnel files, containing sensitive personal and financial information of over 10,000 staff members.
American Express Insider Data Breach Reported
American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.