ADT Confirms Data Breach After ShinyHunters Leak Claim
Key Takeaways Home security provider ADT confirmed a data breach after the ShinyHunters group claimed to have exfiltrated over 10 million records. The breach, detected on April 20, 2026, originated...
Key Takeaways
- Home security provider ADT confirmed a data breach after the ShinyHunters group claimed to have exfiltrated over 10 million records.
- The breach, detected on April 20, 2026, originated from a vishing attack that compromised an employee’s Okta SSO account.
- Exposed data includes customer names, phone numbers, home addresses, and in some cases, dates of birth and partial Social Security numbers/Tax IDs.
- ADT has notified affected individuals and is offering identity protection services, stating no financial data or home security systems were compromised.
ADT Confirms Breach Following ShinyHunters Ransom Demand
Home security giant ADT Inc. has officially acknowledged a data breach, corroborating claims made by the prominent cybercrime syndicate ShinyHunters. The group had asserted the theft of more than 10 million customer records and issued a ransom ultimatum, threatening public disclosure if their demands were not met.
Table Of Content
Headquartered in Boca Raton, Florida, ADT disclosed the security incident in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC) on April 24, 2026. The company stated it identified unauthorized access to specific cloud-based environments four days prior, on April 20, 2026.
ShinyHunters Leveraged Vishing to Access Customer Data
The incident gained public attention after ShinyHunters posted details on their dark web data leak site. The group claimed to have compromised “over 10 million records containing PII and other internal corporate data,” issuing a stark warning: “Reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”
ShinyHunters attributed the breach to a successful voice phishing (vishing) attack. This method reportedly allowed the attackers to compromise an employee’s Okta single sign-on (SSO) account, providing an initial foothold into ADT’s internal systems.
With this compromised access, the threat actors allegedly moved to ADT’s Salesforce instance, from which they exfiltrated data. This particular modus operandi—impersonating IT support to trick employees into granting system access—is a known tactic frequently associated with ShinyHunters’ operations.
Scope of Exposed Data and ADT’s Response
ADT’s internal investigation revealed that the breach affected a subset of customer and prospective customer records. According to PCMag, the compromised information primarily consists of names, phone numbers, and home addresses. In some instances, dates of birth and the last four digits of Social Security numbers or Tax IDs were also exposed. Crucially, ADT confirmed that no financial details, such as bank account or credit card information, were accessed, and customer home security systems remained secure and fully operational.
Upon detecting the unauthorized activity, ADT immediately terminated the access, initiated its Incident Response Plan (IRP), engaged external cybersecurity experts for a forensic examination, and alerted law enforcement agencies. The company has also “directly notified all impacted individuals” and committed to providing complimentary identity protection services where deemed necessary.
In its 8-K filing, ADT emphasized its belief that the incident is “not reasonably likely to have a material impact” on its financial health or ongoing business operations, though the full extent of the breach continues to be assessed.
This incident is not an isolated event for ADT, which previously reported two separate security breaches in August and October 2024, both involving the exposure of customer and employee information. The latest extortion attempt by ShinyHunters raises significant concerns regarding ADT’s cloud security posture and the efficacy of its access control mechanisms, particularly concerning employee authentication via SSO platforms. As ShinyHunters’ April 27 deadline approaches, the cybersecurity community awaits ADT’s next move regarding the ransom demand.
What You Should Do
- Be vigilant for any unsolicited communications, particularly those impersonating ADT or other service providers, and verify their legitimacy through official channels.
- Enable multi-factor authentication (MFA) on all online accounts, especially for critical services and any accounts linked to ADT.
- Monitor your credit reports and financial statements for any suspicious activity. Consider placing a credit freeze or fraud alert if you believe your Social Security number or Tax ID was compromised.
- If you receive notification from ADT about being affected, promptly enroll in any identity protection services offered by the company.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.