The American security company ADT has confirmed via a statement to CyberInsider a cybersecurity incident involving unauthorized access to a subset of customer data.
The admission follows claims by the ShinyHunters extortion group that it breached the company and stole over 10 million records.
While ADT states the intrusion was quickly contained and that the impacted data was limited, the threat actor alleges a significantly larger compromise and is attempting to extort the company.
According to a statement ADT sent us, the company detected suspicious activity within its systems on April 20, 2026, triggering its internal incident response protocols. The intrusion was promptly terminated, and ADT engaged external cybersecurity experts to conduct a forensic investigation while also notifying law enforcement authorities. The investigation determined that the exposed data includes customer and prospective customer information such as names, phone numbers, and physical addresses. In a smaller number of cases, the compromised data also contained dates of birth and the last four digits of Social Security numbers or Tax IDs.
ADT emphasized that no financial data, such as credit card or banking details, was accessed during the breach, and that its home security systems and monitoring services were not affected. The company stated that impacted individuals have been notified directly and will be offered identity protection services where appropriate.
Founded in 1874, ADT is one of the largest providers of electronic security, smart home automation, and alarm monitoring services in the United States, serving millions of residential and commercial customers.
ShinyHunters, a well-known cybercrime group linked to numerous high-profile data breaches, claims to have obtained “over 10 million records containing PII and other internal corporate data” and issued a “final warning” demanding payment by April 27, 2026. The attackers threaten to leak the data publicly.
Users who may have been affected should remain cautious of potential phishing attempts and social engineering attacks using exposed personal details. It is advisable to monitor financial accounts and credit reports for suspicious activity, enable fraud alerts where possible, and take advantage of any identity protection services offered by ADT.
In August 2024, ADT disclosed that it had suffered another breach affecting customer order information, email addresses, phone numbers, and physical addresses, after a threat actor advertised tens of thousands of records on a hacking forum.
Leave a Reply