Home security giant ADT data breach affects 5.5 million people

· security policy · Source ↗

TLDR

  • ShinyHunters breached ADT via a vishing attack on an employee’s Okta SSO account, exposing data on 5.5 million people.

Key Facts

  • The stolen data includes names, phone numbers, addresses, dates of birth, and partial Social Security or Tax ID numbers for some individuals.
  • No payment information and no customer security systems were affected, ADT confirmed to BleepingComputer.
  • ShinyHunters accessed ADT’s Salesforce instance through a compromised SSO account, then leaked an 11GB archive after extortion failed.
  • This is ADT’s third disclosed breach since August 2024; Have I Been Pwned identified 5.5 million unique records in the leaked data.

Why It Matters

  • ShinyHunters is running a broad vishing campaign targeting corporate SSO accounts at multiple major companies, not just ADT.
  • ADT serves over 6 million residential and small-business customers, making the scope of exposed personal data significant.

Sergiu Gatlan / BleepingComputer · 2026-04-27 · Read the original

Related coverage