ADT, a prominent home security company, has acknowledged a data breach following threats from the ShinyHunters extortion group to release stolen data unless a ransom is paid.
According to a statement released by the company, unauthorized access to customer and prospective customer data was detected on April 20, prompting immediate termination of the intrusion and the initiation of an investigation.
The investigation revealed that personal information had been compromised during the breach.
“After conducting the investigation, it was determined that the information accessed included names, phone numbers, and addresses,” ADT told BleepingComputer.
“In a few instances, dates of birth and the last four digits of Social Security numbers or Tax IDs were also compromised. Importantly, no financial information such as bank accounts or credit cards was exposed, and the security systems of customers remained unaffected and secure.”
ADT said that the breach was contained and that all affected individuals have been contacted.
ShinyHunters Data Leak Incident
The recent statement from ADT follows its appearance on the ShinyHunters data leak platform, where hackers claimed to have obtained 10 million records containing personal information of customers.
“More than 10 million records containing Personally Identifiable Information (PII) and other internal corporate data have been compromised. Pay or we will leak,” declared the data leak site.
“This serves as a final warning to reach out by April 27, 2026, before we proceed with the leak and bring forth various digital disturbances.”
ADT listing on the ShinyHunters data leak site
ADT did not confirm the exact volume of data stolen as claimed by the attackers.
ShinyHunters informed BleepingComputer that they allegedly breached ADT through a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on (SSO) account. Utilizing this account, the threat actors purportedly gained access to and extracted data from the company’s Salesforce platform.
Since last year, the extortion group has been conducting widespread vishing campaigns targeting the Microsoft Entra, Okta, and Google SSO accounts of employees and BPO agents.
Upon gaining entry to a corporate SSO account, the threat actors proceed to steal data from connected Software as a Service (SaaS) applications like Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and numerous others.
This stolen data is then utilized as leverage to extort the company into paying a ransom; otherwise, the data will be made public.
Previously, ADT had disclosed data breaches in August and October 2024, compromising both customer and employee information.