Medtronic Breach Confirmed: ShinyHunters Claims 9 Million Records Stolen

Medtronic has confirmed a breach after the ShinyHunters extortion group claimed to have stolen 9 million records containing personal information from the medical device manufacturer. ShinyHunters threatened to publish the data publicly unless a ransom is paid, following their established double-extortion pattern.

Healthcare providers and patients associated with Medtronic should treat their personal data as exposed and monitor for targeted phishing or identity fraud. ShinyHunters has a track record of following through on data releases when negotiations fail — see the ADT and McGraw-Hill incidents earlier this month. Organizations with Medtronic vendor relationships should review shared data agreements and notify affected individuals per applicable breach notification timelines.