
Medtronic, a global medical technology company operating in 150 countries, has notified more than 3.8 million people of a data security incident. The breach occurred in April 2026 and involved unauthorized access to the company’s corporate IT systems. The ShinyHunters group claimed responsibility for the attack, saying it had stolen millions of records and a large volume of corporate information.
According to Medtronic, unauthorized actors accessed certain corporate systems between April 13 and April 19, 2026. The company also emphasized that its IT, product, and manufacturing networks are separate, while hospital networks are independently managed and secure. As a result, the incident did not affect medical devices, manufacturing processes, distribution, financial reporting, customer support, or patient safety.
In total, the breach reportedly affected 3,834,294 people. The exposed data may include:
The company added that it has found no evidence that the stolen information has been publicly released or exposed online.
Medtronic said the external cybersecurity experts and law enforcement agencies were involved in the investigation.
The Singapore Land Authority reported a personal data breach affecting approximately 70,000 people. The incident was not linked to the authority’s core infrastructure, but to a cloud-based development and testing environment managed by IBM.
IBM supported two key SLA systems: the Singapore Titles Automated Registration System and the eLodgment System, which are used for land title registration and the submission of related documents. According to preliminary findings, unauthorized access was gained to a test dataset created in 1998 and periodically updated over time.
The dataset was supposed to contain only anonymized or test data based on property ownership and lodgment records. However, a review found that it also contained real personal data. The affected data types included names, Singaporean national identity numbers (NRIC), and property addresses of impacted individuals.
SLA stressed that the affected environment was separate from its production systems. According to the authority, its main title registration, lodgment, and other operational systems were not compromised, and current property records remained secure.
After the incident was discovered, IBM revoked access connected to the affected environment. SLA began notifying impacted individuals, filed a police report, and informed the Personal Data Protection Commission. The authority is also working with IBM, the Government Technology Agency, and the Cyber Security Agency of Singapore to determine the full circumstances of the incident and take corrective measures.
Confidential data – from patient records and customers’ personal information to business-critical documents – is a strategic asset that requires consistent protection. SearchInform FileAuditor, a DCAP solution, helps organizations strengthen data security by discovering sensitive files, classifying them with labels, and controlling risky file operations. Content-based blocking prevents unauthorized actions with documents across applications, suspicious transfers, and access by unauthorized users. Protect critical data with SearchInform FileAuditor.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!