Digital intruders recently broke into two major tech suppliers - utility-technology firm Itron and medical-device maker Medtronic - according to filings with federal regulators.

Itron, in a late Friday US Securities and Exchange Commission (SEC) filing, said it was notified about the unauthorized third-party break-in on April 13.

The $4 billion company that provides smart meters, sensors, and software for energy, water, and city management said it alerted law enforcement and worked with external cybersecurity advisors to investigate the intrusion.

"The Company took action to remediate and remove the unauthorized activity and has not observed any subsequent unauthorized activity within its corporate systems," according to Itron's 8-K report. "Further, no unauthorized activity was observed in the customer hosted portion of its systems."

The breach didn't affect Itron's operations, the disclosure said, adding that "Itron currently expects that a significant portion of its direct costs incurred relating to the incident will be reimbursed by its insurers."

Itron declined to answer our questions about the breach, including how criminals gained initial access to its systems and whether they deployed ransomware or made an extortion demand.

Meanwhile, in a Friday disclosure and SEC filing, med-tech firm Medtronic said an "unauthorized party accessed data in certain Medtronic corporate IT systems."

Medtronic's breach disclosure follows ShinyHunters' claims that the data-theft-and-extortion crew broke into the medical device business and compromised "over 9M records containing PII and other terabytes of internal corporate data." ShinyHunters set an April 21 deadline for the company to pay an undisclosed extortion demand, or see its stolen data leaked.

Medtronic did not immediately respond to The Register's inquiries about the breach.

The $107 billion company didn't say when the breach occurred, but noted the intrusion did not impact its "products, patient safety, connections to our customers, our manufacturing and distribution operations, our financial reporting systems or our ability to meet patient needs."

Medtronic says its corporate IT network remains separate from the product, manufacturing, distribution, and hospital-customer networks.

"We are working to identify any personal information that may have been accessed and will provide notifications and support services as needed," the company posted on its website.

In March, another med-tech company Stryker said a cyberattack - linked by researchers to an Iran-aligned crew with ties to the country's intelligence agency - disrupted its global network, snarling ordering and shipping systems for nearly three weeks. On April 1, the company said it is "fully operational across our global manufacturing network." ®