Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
Security giant says attackers grabbed 'limited set' of data. Crooks claim 10 million records
by Carly Page · The Register
A home security biz getting digitally burgled is not a great look - but that's exactly where ADT finds itself. The company has confirmed a cyber intrusion following an extortion attempt by the ShinyHunters crew, which claims to have made off with more than 10 million records.
US-based ADT is one of the world's largest providers of monitored home alarm systems, selling everything from burglar alarms and cameras to smart home kits, all pitched on keeping unwanted visitors out.
On Friday, the company said it detected "unauthorized access" on April 20, shut it down, and brought in outside incident responders, with law enforcement looped in.
According to ADT, the intruder made off with a "limited set" of data covering names, phone numbers, and addresses, with a smaller slice including dates of birth and the last four digits of Social Security or tax ID numbers. No payment data was accessed, it said, and the firm was keen to stress that customer security systems were not touched.
That's the official version.
ShinyHunters, meanwhile, is telling a rather different story. In a post on its dark web leak site, seen by The Register, the crew claims it lifted "over 10M Salesforce records containing PII and other internal corporate data" and is now airing the lot after talks with ADT went nowhere.
"The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made," the group said. "They don't care."
The mention of Salesforce hints at a possible SaaS foothold rather than someone fiddling with alarm panels. While ADT has yet to confirm how the intruders gained access, it said in a separate 8-K filing [PDF] that attackers accessed "certain cloud-based environments."
There is, to put it mildly, a gap between "limited set" and "10 million records." Companies tend to define incidents as tightly as possible, while crooks tend to do the opposite. The truth usually lands awkwardly in between. Have I Been Pwned has now put a number on it, listing 5.5 million unique email addresses, a number that sits far nearer "millions" than ADT's version of events.
ShinyHunters recently made similar claims about cruise company Carnival Corporation, complete with talk of failed negotiations and a looming data dump.
ADT has not yet responded to questions from The Register about how it was compromised, how many people were affected, whether customers outside the US are involved, or whether it has filed breach notifications with state attorneys general.
For a company built on keeping intruders out, this one has already got inside the front door. Whether it also cleaned out the filing cabinets is the part still being argued over. ®