ShinyHunters group claims massive data theft from home security provider ADT

Home and office security systems provider ADT has confirmed that it suffered a breach incident on April 20, shortly after the ShinyHunters extortion group claimed that it stole 10 million records from the company’s systems.

 

The Boca Raton, Florida based security systems company announced on Friday that it detected unauthorised access to its computer systems on April 20 that enabled malicious actors to access and exfiltrate a "limited set of customer and prospective customer data" from the targeted systems.

 

ADT provides smart home security systems with 24x7 monitoring support to more than six million customers in the United States. Its range of products include security cameras, health and senior safety equipment, home security products, and smart home solutions like touch locks, thermostats, mesh Wi-Fi, battery-operated door locks, smart lights and distress signals.

 

The company said that as soon as the unauthorised access was detected, its security team moved quickly to sever the third party access and the company launched an investigation into the breach with help from third-party cybersecurity experts and notified law enforcement agencies.

 

"The investigation confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included," ADT said.

 

The company said the data breach incident did not compromise customers’ bank account or payment card information and its customer security systems continued to function without any disruptions.

 

"Protecting customers is not just a priority — it is the foundation of what ADT does. The company remains committed to investing in and strengthening the cybersecurity infrastructure that its customers and their families depend on," it added.

 

The company’s announcement arrived shortly after the ShinyHunters cyber extortion group

on its dark web portal that it stole more than ten million data records from the security solutions company’s systems, including customers’ personally identifiable information and internal company records.

 

The group gave ADT a deadline of April 27 to reach out and finalise a ransom payment, failing which it would leak the stolen records online. ShinyHunters is known for running double extortion campaigns, stealing sensitive data from victim organisations and encrypting computer systems and files to force victims to pay ransom.

 

ADT is yet to report the cyber security incident to state Attorney Generals in the US and has not confirmed the number of customers whose data was compromised during the incident. The company also did not mention if it was contacted by malicious actors or whether it had paid a ransom to regain access to the stolen data.