Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Microsoft Patches Windows 11 OOBE Flaw in Cumulative Update
July 5, 2026
PamStealer Mimics Maccy, Silently Harvests Data
July 4, 2026
Critical FatFs Vulnerabilities Expose Millions of Embedded Devices
July 4, 2026
Home/CyberSecurity News/ADT Confirms Data Breach After ShinyHunters Leak Claim
CyberSecurity News

ADT Confirms Data Breach After ShinyHunters Leak Claim

Key Takeaways Home security provider ADT confirmed a data breach after the ShinyHunters group claimed to have exfiltrated over 10 million records. The breach, detected on April 20, 2026, originated...

Jennifer sherman
Jennifer sherman
April 25, 2026 3 Min Read
46 0

Key Takeaways

  • Home security provider ADT confirmed a data breach after the ShinyHunters group claimed to have exfiltrated over 10 million records.
  • The breach, detected on April 20, 2026, originated from a vishing attack that compromised an employee’s Okta SSO account.
  • Exposed data includes customer names, phone numbers, home addresses, and in some cases, dates of birth and partial Social Security numbers/Tax IDs.
  • ADT has notified affected individuals and is offering identity protection services, stating no financial data or home security systems were compromised.

ADT Confirms Breach Following ShinyHunters Ransom Demand

Home security giant ADT Inc. has officially acknowledged a data breach, corroborating claims made by the prominent cybercrime syndicate ShinyHunters. The group had asserted the theft of more than 10 million customer records and issued a ransom ultimatum, threatening public disclosure if their demands were not met.

Table Of Content

  • Key Takeaways
  • ADT Confirms Breach Following ShinyHunters Ransom Demand
  • ShinyHunters Leveraged Vishing to Access Customer Data
  • Scope of Exposed Data and ADT’s Response
  • What You Should Do

Headquartered in Boca Raton, Florida, ADT disclosed the security incident in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC) on April 24, 2026. The company stated it identified unauthorized access to specific cloud-based environments four days prior, on April 20, 2026.

ShinyHunters Leveraged Vishing to Access Customer Data

The incident gained public attention after ShinyHunters posted details on their dark web data leak site. The group claimed to have compromised “over 10 million records containing PII and other internal corporate data,” issuing a stark warning: “Reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”

ShinyHunters attributed the breach to a successful voice phishing (vishing) attack. This method reportedly allowed the attackers to compromise an employee’s Okta single sign-on (SSO) account, providing an initial foothold into ADT’s internal systems.

With this compromised access, the threat actors allegedly moved to ADT’s Salesforce instance, from which they exfiltrated data. This particular modus operandi—impersonating IT support to trick employees into granting system access—is a known tactic frequently associated with ShinyHunters’ operations.

Scope of Exposed Data and ADT’s Response

ADT’s internal investigation revealed that the breach affected a subset of customer and prospective customer records. According to PCMag, the compromised information primarily consists of names, phone numbers, and home addresses. In some instances, dates of birth and the last four digits of Social Security numbers or Tax IDs were also exposed. Crucially, ADT confirmed that no financial details, such as bank account or credit card information, were accessed, and customer home security systems remained secure and fully operational.

Upon detecting the unauthorized activity, ADT immediately terminated the access, initiated its Incident Response Plan (IRP), engaged external cybersecurity experts for a forensic examination, and alerted law enforcement agencies. The company has also “directly notified all impacted individuals” and committed to providing complimentary identity protection services where deemed necessary.

In its 8-K filing, ADT emphasized its belief that the incident is “not reasonably likely to have a material impact” on its financial health or ongoing business operations, though the full extent of the breach continues to be assessed.

This incident is not an isolated event for ADT, which previously reported two separate security breaches in August and October 2024, both involving the exposure of customer and employee information. The latest extortion attempt by ShinyHunters raises significant concerns regarding ADT’s cloud security posture and the efficacy of its access control mechanisms, particularly concerning employee authentication via SSO platforms. As ShinyHunters’ April 27 deadline approaches, the cybersecurity community awaits ADT’s next move regarding the ransom demand.

What You Should Do

  • Be vigilant for any unsolicited communications, particularly those impersonating ADT or other service providers, and verify their legitimacy through official channels.
  • Enable multi-factor authentication (MFA) on all online accounts, especially for critical services and any accounts linked to ADT.
  • Monitor your credit reports and financial statements for any suspicious activity. Consider placing a credit freeze or fraud alert if you believe your Social Security number or Tax ID was compromised.
  • If you receive notification from ADT about being affected, promptly enroll in any identity protection services offered by the company.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackBreachCybersecurityphishingSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Anthropic Claude Desktop Exposes Chromium Browser Data to Attackers

Next Post

Critical Cisco Firepower Vulnerabilities Exploited by Attackers

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
The Future of Encryption: Top Post-Quantum Cryptography Solutions for 2026
July 3, 2026
Alibaba Bans Internal Use of Claude AI Over Backdoor Concerns
July 3, 2026
Apache ActiveMQ Critical Vulnerabilities Allow DoS Attacks, System Crashes
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us