Cyber Incident Victim: ADT Inc.
Date:
Apr 2026
Location:
United States of America
Summary
ADT Inc. experienced a data breach after attackers gained unauthorized access to a limited set of customer and prospective customer data. The intrusion, traced to a voice phishing compromise of an employee Okta single sign‑on account, allowed the threat group ShinyHunters to extract names, phone numbers, addresses, dates of birth and the last four digits of some Social Security numbers from the company’s Salesforce system. The company confirmed that no payment card or bank information was accessed and that its security monitoring systems remained unaffected. The breach prompted a forensic investigation, law enforcement notification and subsequent class‑action inquiries regarding potential identity theft risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 20, 2026, ADT's cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data, prompting the activation of the company's response protocols. The intrusion was terminated immediately, a forensic investigation was launched with leading third‑party cybersecurity experts, and law enforcement was notified. ADT confirmed that the breach was discovered on that date and that the incident involved unauthorized access to its systems. The company disclosed that it had previously experienced data breaches in August and October 2024.
The investigation determined that the exposed information consisted of names, phone numbers, and addresses, with a small percentage of records also containing dates of birth and the last four digits of Social Security numbers or Tax IDs. No payment card data, bank account information, or customer security system details were accessed. The hacker group ShinyHunters claimed responsibility for the attack, asserting that it stole more than ten million records and that the breach began with a voice phishing (vishing) call that compromised an employee's Okta single sign‑on account, providing access to ADT's Salesforce environment. ADT has not publicly confirmed the specific attack method described by ShinyHunters.
Individuals who received a data breach notification from ADT were identified as potentially facing an increased risk of identity theft and fraud due to the exposed personal information. In response to the incident, a national class action law firm, Edelson Lechtzin LLP, announced an investigation into potential legal claims on behalf of affected individuals and began offering free case evaluations. ADT, headquartered in Boca Raton, Florida, continues to operate as the nation's largest provider of monitored home security systems, smart home features, and fire safety services. The firm's statement noted that ADT learned of the cybersecurity incident on April 20, 2026, and that the breach did not compromise customer security systems.