sec-8k - TrustStrike Labs

breach

2026-04-24

US utility tech giant Itron breached - hackers reached internal IT systems but no impact on the 112 million customer endpoints it manages

Itron, the Washington-based utility technology company that manages 112 million energy and water meter endpoints across 7,700 customers in 100 countries, disclosed a cyberattack in an SEC 8-K filing April 24. An unauthorized third party reached parts of Itron's corporate IT network on April 13. Itron says it has expelled the attackers and seen no follow-up activity, and that customer-hosted environments (the actual utility infrastructure) were untouched. No ransomware group has claimed the attack. The incident is significant because Itron sits in the middle of US critical infrastructure - meter data, billing, and grid telemetry pass through its software at thousands of utilities.

itron critical-infrastructure utility sec-8k corporate-it customer-hosted-segregation 112m-endpoints

Check: If you work with any utility tech vendor, confirm in writing whether your relationship touches their corporate IT or only their isolated customer-hosted environment.
Affected: Utilities running Itron software, meters, or services - particularly those whose contracts let Itron staff reach into utility systems. Any organization where a critical-infrastructure vendor has remote access without strict segmentation. Itron's segregation of customer-hosted from corporate IT is what limited this incident.
Fix: Review which Itron-side accounts can reach your utility infrastructure and rotate any credentials, API keys, or VPN profiles Itron staff have used since January. Demand a written attestation that customer-hosted environments are network-segregated from corporate IT. Map every critical-infrastructure vendor's reachability into your network, including informal paths.

breach

2026-04-24

Medtronic confirms breach after ShinyHunters claims theft of 9 million records and terabytes of internal data

Medtronic, the world's largest medical device maker, confirmed a breach of its corporate IT systems in an SEC filing April 24. ShinyHunters had listed Medtronic on its leak site April 18 claiming theft of more than 9 million records of personal data plus terabytes of internal corporate documents, with an April 21 deadline. The Medtronic listing has since been removed - a strong signal the company either paid the ransom or is still negotiating. Medtronic says product safety, manufacturing, distribution, and patient care are unaffected; the breach was confined to corporate IT, which is segregated from device infrastructure. Investigation into what personal data was exposed is ongoing.

medtronic shinyhunters medical-devices sec-8k listing-removed ransom-likely-paid 9m-records

Check: If you or staff have ever been a Medtronic patient, vendor, contractor, or applicant, watch for highly-targeted phishing referencing real medical device or employment details.
Affected: Medtronic patients (90,000+ employees, hundreds of millions of patients), suppliers, and former staff are all in scope until Medtronic clarifies what 9M+ records contain. Healthcare organizations sharing patient data with Medtronic for device monitoring, recall tracking, or research are exposed if those communications are in the leak.
Fix: Affected individuals: enable MFA on patient portals, monitor explanation-of-benefits statements, and report any unsolicited medical-device prompt or service call. Healthcare organizations: pull your data-sharing inventory with medical device vendors and confirm breach-notification SLAs. Companies sharing confidential records with Medtronic should assume those documents may be in the leak set.