ADT says customer data stolen in cyber intrusion
Source: Hacker News
Incident Overview
The home security company ADT reported that cybercriminals breached its systems on Monday, stealing a “limited set” of customer and prospective customer information. The stolen data included names, phone numbers, addresses, dates of birth, the last four digits of Social Security numbers, and tax IDs. No payment data was compromised, and ADT confirmed that “customer security systems were not affected or compromised in any way.”
A cybercriminal group later claimed to have stolen 10 million records containing personal information and threatened to leak the data unless a ransom was paid. Source
ADT’s Response
- ADT has directly notified all impacted individuals.
- The company will offer complimentary identity‑protection services where appropriate.
- Law enforcement has been notified, and third‑party cyber experts have been engaged.
Company Background
ADT is a Florida‑based provider of alarm monitoring systems, reporting $5.1 billion in revenue last year. The company has disclosed multiple cybersecurity breaches and intrusions to the Securities and Exchange Commission over the past two years, including incidents involving customer and employee data. SEC filing | The Record – breach report | The Record – encrypted data breach
Threat Actor: ShinyHunters
ADT is the latest victim of the ShinyHunters cybercriminal operation. In April, the group targeted:
Law enforcement gained momentum against the group toward the end of 2025 after a series of industry‑specific attacks. A British member of ShinyHunters recently pleaded guilty and faces up to 22 years in prison, while another member is serving a 10‑year sentence. plea details | sentence details
The group resurfaced with a new data‑leak site earlier this year, claiming involvement in incidents affecting: