Home security giant ADT data breach affects 5.5 million people

BleepingComputer

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned.

Founded in 1874 as American District Telegraph, ADT is the oldest and largest home security company in the United States, currently providing monitored security and smart home solutions to over 6 million residential and small-business customers.

ADT has previously disclosed two other data breaches in August 2024 and October 2024 that exposed employee and customer information.

Have I Been Pwned's report comes after ShinyHunters claimed last week that they had stolen over 10 million records containing personally identifiable information (PII) and ADT corporate data.

When asked to confirm the cybercrime group's claims, ADT told BleepingComputer that it detected the breach on April 20 and that a follow-up investigation found the intrusion was limited but allowed the attackers to access some individuals' personal information.

"The investigation confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included," ADT told BleepingComputer.

"Critically, no payment information — including bank accounts or credit cards — was accessed, and customer security systems were not affected or compromised in any way."

The cybercrime group has since leaked an 11GB archive of stolen data on its dark web leak site after failing to extort the company.

ADT on ShinyHunters' leak site (BleepingComputer)

While ADT has yet to disclose the total number of affected individuals, Have I Been Pwned analyzed the stolen data and said the breach exposed the data of 5.5 million people, including unique email addresses, names, dates of birth, phone numbers, physical addresses, and partial government-issued IDs.

The extortion group told BleepingComputer that they had allegedly breached the company after compromising an employee's Okta single sign-on (SSO) account in a voice phishing (vishing) attack. Using this employee account, the attackers said they gained access and stole data from the company's Salesforce instance.

ShinyHunters has been behind widespread vishing campaigns that began last year and target employees' and Business Process Outsourcing (BPO) agents' Microsoft Entra, Okta, and Google SSO accounts.

After breaching corporate SSO accounts, they steal data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and others.

Last week, ShinyHunters also claimed to have stolen more than 9 million records from Medtronic, the world's largest medical device maker by revenue, with operations in 150 countries.

Other companies that the extortion group claimed to have breached in recent weeks include the European Commission, Rockstar Games, edtech giant McGraw Hill, and, more recently, convenience store chain 7-Eleven, cruise line operator Carnival, fast fashion retailer Zara, and online training company Udemy.
