Medtronic and Singapore SLA Expose Sensitive Personal Data

08.07.2026

Medtronic Incident Exposes Data of 3.8 Million Patients

Medtronic, a global medical technology company operating in 150 countries, has notified more than 3.8 million people of a data security incident. The breach occurred in April 2026 and involved unauthorized access to the company’s corporate IT systems. The ShinyHunters group claimed responsibility for the attack, saying it had stolen millions of records and a large volume of corporate information.

According to Medtronic, unauthorized actors accessed certain corporate systems between April 13 and April 19, 2026. The company also emphasized that its IT, product, and manufacturing networks are separate, while hospital networks are independently managed and secure. As a result, the incident did not affect medical devices, manufacturing processes, distribution, financial reporting, customer support, or patient safety.

In total, the breach reportedly affected 3,834,294 people. The exposed data may include:

  • Patient names
  • Contact details
  • Dates of birth
  • Social Security numbers
  • Health information

The company added that it has found no evidence that the stolen information has been publicly released or exposed online.

Medtronic said the external cybersecurity experts and law enforcement agencies were involved in the investigation.

IBM-Managed SLA Test Environment Exposes Data of 70,000 People

The Singapore Land Authority reported a personal data breach affecting approximately 70,000 people. The incident was not linked to the authority’s core infrastructure, but to a cloud-based development and testing environment managed by IBM.

IBM supported two key SLA systems: the Singapore Titles Automated Registration System and the eLodgment System, which are used for land title registration and the submission of related documents. According to preliminary findings, unauthorized access was gained to a test dataset created in 1998 and periodically updated over time.

The dataset was supposed to contain only anonymized or test data based on property ownership and lodgment records. However, a review found that it also contained real personal data. The affected data types included names, Singaporean national identity numbers (NRIC), and property addresses of impacted individuals.

SLA stressed that the affected environment was separate from its production systems. According to the authority, its main title registration, lodgment, and other operational systems were not compromised, and current property records remained secure.

After the incident was discovered, IBM revoked access connected to the affected environment. SLA began notifying impacted individuals, filed a police report, and informed the Personal Data Protection Commission. The authority is also working with IBM, the Government Technology Agency, and the Cyber Security Agency of Singapore to determine the full circumstances of the incident and take corrective measures.


Confidential data – from patient records and customers’ personal information to business-critical documents – is a strategic asset that requires consistent protection. SearchInform FileAuditor, a DCAP solution, helps organizations strengthen data security by discovering sensitive files, classifying them with labels, and controlling risky file operations. Content-based blocking prevents unauthorized actions with documents across applications, suspicious transfers, and access by unauthorized users. Protect critical data with SearchInform FileAuditor.


Letter Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.