In March 2026, medical technology giant Stryker suffered one of the most devastating cyberattacks of the year when an Iran-linked hacktivist group called Handala compromised the company's Microsoft Intune device management platform and remotely wiped over 200,000 devices across 79 countries. The attackers also claimed to have exfiltrated approximately 50 terabytes of sensitive corporate data. If you're a Stryker employee, contractor, or someone whose data may have been held by the company, here's what you need to do right now.
What Happened in the Stryker Breach
On March 11, 2026, threat actors breached Stryker's network and gained administrative access to the company's Microsoft Intune and Entra device management platforms. Rather than deploying traditional ransomware, the attackers triggered mass factory resets and data wipes on endpoints globally, destroying data on over 200,000 Windows servers, PCs, and mobile devices within minutes.
Stryker's internal business systems, including email, file shares, and ERP applications, were brought to a complete halt worldwide. Major facilities were forced to operate on backup procedures or shut down temporarily. The attack was attributed to the Handala Hack Team, assessed as a front for Void Manticore, a destructive operations unit within Iran's Ministry of Intelligence and Security (MOIS).
Data Theft Confirmed
The attackers claimed to have stolen roughly 50 terabytes of data during the breach, potentially including sensitive corporate information, employee records, R&D documents, and personally identifiable information. Multiple class action lawsuits have been filed alleging that Stryker failed to adequately protect employee data.
Who Is Affected
The breach primarily impacts:
- Current and former Stryker employees whose personal data (Social Security numbers, addresses, financial information) was stored on company systems
- Contractors and vendors who provided personal information to Stryker
- Healthcare professionals who interacted with Stryker's digital platforms
Importantly, Stryker has confirmed that the attack targeted their corporate IT environment, not their medical products. Patient-facing devices remain safe to use.
Steps to Take Right Now
1. Freeze Your Credit at All Three Bureaus
If your Social Security number or financial data was stored by Stryker, place a credit freeze with Equifax, Experian, and TransUnion immediately. A credit freeze prevents anyone from opening new accounts in your name and is free to place and lift.
2. Monitor Your Financial Accounts
Review your bank statements, credit card accounts, and any financial accounts for unauthorized transactions. Set up real-time transaction alerts with your bank and credit card companies so you're notified of any suspicious activity immediately.
3. Check for Identity Theft Signs
Watch for these warning signs in the weeks and months ahead:
- Unfamiliar accounts on your credit report
- Bills or collection notices for services you didn't use
- IRS notices about tax returns you didn't file
- Unexpected denials for credit or insurance
4. Change Your Passwords
Update passwords for any accounts that used the same credentials as your Stryker login. Use a unique, strong password for each account and enable two-factor authentication wherever possible.
5. Watch for Phishing Attempts
After major breaches, scammers often impersonate the affected company or related organizations. Be suspicious of any emails, texts, or phone calls claiming to be from Stryker, law firms, or government agencies regarding the breach. Verify all communications through official channels before clicking links or providing information.
File an Identity Theft Report if Needed
If you discover that your information has been misused, file a report with the FTC at IdentityTheft.gov and file a police report with your local law enforcement. These reports create an official record that can help you dispute fraudulent accounts and transactions.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanLegal Action and Your Rights
At least six class action lawsuits have been filed against Stryker by employees who allege the company failed to protect their personal data. The lawsuits argue that affected individuals now face years of increased risk of fraud and identity theft. If you believe your data was compromised, you may be eligible to join a class action lawsuit. Consult with an attorney specializing in data breach litigation for guidance on your options.
Long-Term Protection
Data breaches like the Stryker incident highlight the importance of ongoing privacy protection. Your personal information doesn't just disappear after a breach; it can be traded, sold, and used for years to come. A data removal service like PrivacyOn can help you minimize your digital footprint by continuously removing your personal information from data broker sites and monitoring the dark web for your exposed credentials. With coverage across 100+ data broker sites and 24/7 monitoring, PrivacyOn provides the ongoing protection that a one-time credit monitoring offer simply cannot match.
What Stryker Is Doing
Stryker has reported that the incident has been contained and that the company is now fully operational. However, lawsuits allege that Stryker's response has been insufficient, with affected individuals claiming they have yet to receive adequate notification about what specific data was compromised.
If you haven't received a notification from Stryker but believe your data may have been affected, contact the company directly through their official website to inquire about your exposure and any remediation services being offered.