Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach.

The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems.

Medtronic confirmed the attack in late April, noting that its products and manufacturing and distribution operations were not affected.

ShinyHunters had added the company to its Tor-based leak site on April 17, claiming the theft of over 9 million records of personal information, and terabytes of corporate data.

The group has since removed Medtronic from the website, which suggests that the company might have paid a ransom to recover the stolen information.