Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum \u2014 \u201cPay or Leak.\u201d<\/p>\n
ADT, headquartered in Boca Raton, Florida, disclosed the incident via a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on April 24, 2026, stating that it became aware of unauthorized access to certain cloud-based environments on April 20, 2026.<\/p>\n
The incident came to light after ShinyHunters posted a listing on their dark web data leak site, claiming to have compromised \u201cover 10 million records containing PII and other internal corporate data.\u201d The group issued a chilling final warning: \u201cReach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that\u2019ll come your way.\u201d<\/em><\/p>\n ShinyHunters claimed the breach was carried out through a voice phishing (vishing) attack<\/a> that successfully compromised an employee\u2019s Okta single sign-on (SSO) account.<\/p>\n Using this foothold, the threat actors allegedly accessed and exfiltrated data from ADT\u2019s Salesforce instance. This tactic, impersonating IT support to manipulate employees into granting internal system access, is a hallmark method associated with ShinyHunters\u2019 operations.<\/p>\n ADT\u2019s investigation determined that the exposed data was limited to a set of customer and prospective customer records. According to PCMag, the compromised information primarily included names, phone numbers, and home addresses.<\/p>\n In some cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. ADT confirmed that no financial information, such as bank account or credit card data, was accessed, and that customer home security systems remained secure and fully operational.<\/p>\n Upon detecting the intrusion, ADT promptly terminated the unauthorized access, activated its Incident Response Plan (IRP), engaged third-party cybersecurity experts for a forensic investigation, and notified law enforcement.<\/p>\n The company stated it has \u201cdirectly notified all impacted individuals\u201d and will provide complimentary identity protection services where necessary.<\/p>\n ADT\u2019s 8-K filing stressed that the company<\/a> does not believe the incident is \u201creasonably likely to have a material impact\u201d on its financial condition or ongoing business operations, though the full scope of the breach remains under assessment.<\/p>\n This is not ADT\u2019s first rodeo with data breaches. The company previously disclosed two separate security incidents in August and October 2024, both of which exposed customer and employee information.<\/p>\n The latest ShinyHunters extortion campaign raises serious questions about ADT\u2019s cloud security posture and access control hygiene, particularly around employee authentication mechanisms like SSO platforms. With the threat actor\u2019s April 27 deadline looming, the security community is closely watching whether ADT will comply, negotiate, or call the bluff.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post ADT Confirms Data Breach Following ShinyHunters Data Leak Claim<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiE2Tqpl_zsMeWHcgdC2GWGFghLqbrDRj2QMSM61MBcPorIxiRMd8S8d9EUnKKDyqrn_FloDS0iXy-H3Nm3mFNSQ-aIGqLLykUl9-b5-mvlE7s5rO2UdnY49_hwueQEgKd_u61jM4FBS-Bd6AuaDWR91jVffSJfvuVNFQqWSErzKPzioVECCr9lYy6Trrf2\/s16000\/ADT%2520Confirms%2520Data%2520Breach.webp?ssl=1\")
<\/figure>\n<\/div>\n