| ~7 MIN READ |
|
This edition is about who gets caught, who apologizes, and who never has to explain themselves at all. Naming names turns out to be the thing that actually moves readers, so that's where we're pointed this week.
PS: Was this forwarded to you? Subscribe free at exzeccyber.com/subscribe → |
|
In this edition
|
Data Breach
ShinyHunters Hit Medtronic. 3.8 Million People Just Found Out.
Intro
Medtronic makes the pacemakers and insulin pumps that keep people alive. It also just spent ten weeks not telling 3.8 million of them that hackers had their Social Security numbers.
What Happened
ShinyHunters broke into Medtronic's corporate IT systems between April 13 and 19, 2026, claiming 9 million records including names, birthdates, SSNs, and health details. The group listed Medtronic on its leak site on April 18, then quietly pulled the listing, usually a sign a ransom got paid. Notification letters went out this week, confirming 3,834,294 people affected.
Why It Matters
A medical device maker just proved "our products are safe" and "your identity is safe" are separate promises, and only one held.
The Other Side
Medtronic says there's no evidence the data was posted publicly, and it's offering two years of credit monitoring, the industry's standard apology gift.
TL;DR: ShinyHunters stole health and SSN data on 3.8 million Medtronic patients in April; notifications went out in July.
Further reading: SecurityWeek
|
|
David Joerg, Chess.com's AI/ML product manager, ran 30+ projects through Viktor in six weeks, from an AI phone-agent system to logistics and research, then onboarded six family members. Get Started for Free.
|
|
|
What's changing in global hiring?
Global hiring is changing fast. From AI's impact on HR to evolving compliance requirements and international expansion strategies, the rules are constantly shifting.
Oyster's events bring together HR leaders, founders, operators, and global employment experts to discuss what's working now—and what's coming next.
Whether you're hiring internationally today or planning for tomorrow, you'll walk away with practical insights you can actually use.
Strange but real
A Ransomware Gang Apologized to the Company It Hacked by Mistake
Intro
This one happened back in June, but it's too good to leave on the shelf. A ransomware affiliate broke the one unwritten rule every Russian-language cybercrime crew knows, and its own bosses were mortified enough to say sorry.
What Happened
An affiliate working for RAlord, via an affiliate program called Nova, hit Eriell Group, an oilfield services company headquartered in Uzbekistan with a Moscow office. Nova publicly apologized, banned the affiliate, and offered Eriell free recovery help, insisting no files were encrypted and no data would leak.
Why It Matters
The "first rule of ransomware club," don't hit anyone in the former Soviet sphere, exists because local law enforcement mostly leaves these gangs alone as long as they only rob foreigners. Break that rule and you risk the whole business model.
The Other Side
A free cleanup and a pinky promise not to leak your data is still cold comfort if you're the ops team that just lost a day to ransomware, apology or not.
TL;DR: A ransomware affiliate accidentally hit a company with ties to the CIS, and its own gang apologized and banned the guy responsible.
Further reading: The Register
|
Claude vs Gemini. OpenAI vs Anthropic. Which lab ships next? Real money on all of it. Kalshi is the CFTC-regulated prediction market for tech readers. Trade what you know.

