
ADT data breach exposes info of 5.5 million customers

Summary

– ShinyHunters stole the personal information of 5.5 million people from ADT, as reported by Have I Been Pwned.
– ADT detected the breach on April 20, stating it was limited to names, phone numbers, addresses, and in some cases, partial Social Security numbers or Tax IDs.
– No payment information or customer security systems were compromised in the breach.
– ShinyHunters leaked an 11GB archive of stolen data on its dark web leak site after failing to extort ADT.
– The attackers allegedly breached ADT by compromising an employee’s Okta SSO account through a voice phishing attack.

The ShinyHunters extortion group has exposed the personal data of 5.5 million individuals following a breach of home security leader ADT. The disclosure comes from data breach notification service Have I Been Pwned, which analyzed the stolen information.

Founded in 1874 as American District Telegraph, ADT is the oldest and largest home security firm in the United States. It currently serves over 6 million residential and small-business customers with monitored security and smart home solutions. The company has previously disclosed two other data breaches, in August 2024 and October 2024, which compromised employee and customer information.

The latest incident began when ShinyHunters claimed last week to have stolen more than 10 million records containing personally identifiable information (PII) and corporate data. ADT confirmed to BleepingComputer that it detected the breach on April 20. A subsequent investigation revealed that the intrusion was limited but allowed attackers to access certain personal details.

“The investigation confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included,” ADT told BleepingComputer. “Critically, no payment information, including bank accounts or credit cards, was accessed, and customer security systems were not affected or compromised in any way.”

Despite the company’s efforts to contain the breach, ShinyHunters leaked an 11GB archive of stolen data on its dark web leak site after failing to extort ADT. Have I Been Pwned’s analysis of the leaked data confirms that 5.5 million people were affected, with exposed records including unique email addresses, names, dates of birth, phone numbers, physical addresses, and partial government-issued IDs.

According to the extortion group, the breach began when attackers compromised an employee’s Okta single sign-on (SSO) account through a voice phishing (vishing) attack. Using that account, they gained access to and stole data from ADT’s Salesforce instance. ShinyHunters has been behind widespread vishing campaigns since last year, targeting employees’ and Business Process Outsourcing (BPO) agents’ Microsoft Entra, Okta, and Google SSO accounts. After compromising corporate SSO accounts, the group typically steals data from connected SaaS applications such as Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, Dropbox, and others.

Last week, ShinyHunters also claimed to have stolen more than 9 million records from Medtronic, the world’s largest medical device maker by revenue. Other recent targets include the European Commission, Rockstar Games, edtech giant McGraw Hill, convenience store chain 7-Eleven, cruise line operator Carnival, fast fashion retailer Zara, and online training company Udemy.

(Source: BleepingComputer)
