Medtronic, a leader in medical technology, has revealed that a data breach compromised the personal and medical information of over 3.8 million individuals. The breach occurred in April 2026, when the extortion group ShinyHunters infiltrated the company's corporate IT systems. Although Medtronic confirmed the breach later that month, they assured that their products, manufacturing, and distribution operations remained unaffected. ShinyHunters initially publicized the breach by listing Medtronic on its leak site, boasting of stealing over 9 million records and terabytes of corporate data. However, the group has since removed Medtronic from the site, hinting that a ransom might have been paid to retrieve the stolen data. Medtronic has commenced notifying the affected individuals through letters, confirming that the compromised data includes names, contact details, dates of birth, Social Security numbers, and health-related information. The company has stated that there is no evidence of this information being publicly posted or exposed online. The incident has affected precisely 3,834,294 individuals, as reported to the Indiana Attorney General’s Office. To mitigate any potential fallout, Medtronic is offering 24 months of free credit monitoring, dark web monitoring, and identity theft restoration services to those impacted. Furthermore, Medtronic has implemented additional security measures, is collaborating with third-party cybersecurity experts, and is working with law enforcement and regulatory bodies to enhance system security.