ADT Confirms Data Breach Following ShinyHunters Extortion Threat

ADT, a major player in home security, has confirmed a data breach after the notorious ShinyHunters hacking group threatened to release stolen customer information unless a ransom is paid. The breach was detected on April 20, 2026, prompting ADT to halt the intrusion and launch a thorough investigation.

This incident highlights the growing threat of sophisticated cyberattacks targeting corporate single sign-on systems, with attackers exploiting employee credentials to access sensitive data. ADT’s confirmation underscores the risks faced by companies handling vast amounts of personal information.

Details of the Breach and Data Compromised

ADT revealed that the breach involved unauthorized access to customer and prospective customer data, including names, phone numbers, and addresses. In a smaller subset of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also exposed. Importantly, ADT confirmed that no payment information or customer security systems were compromised.

ShinyHunters’ Extortion Tactics and Attack Method

The ShinyHunters group publicly listed ADT on their data leak site, claiming to have stolen over 10 million records. They issued a final ransom demand with a deadline of April 27, 2026, threatening to release the data and cause digital disruptions if unpaid. According to ShinyHunters, the breach was executed via a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on account, granting access to ADT’s Salesforce data.

• Vishing campaigns targeting employee and BPO agent SSO accounts
• Access to SaaS platforms like Salesforce, Microsoft 365, Google Workspace, and others
• Use of stolen data to extort companies for ransom payments

ADT’s Response and Previous Security Incidents

ADT has stated that the intrusion was limited and that all affected individuals have been contacted. This breach follows earlier incidents in August and October 2024, where customer and employee information was also exposed. The company continues to investigate and strengthen its security measures to prevent future attacks.

What This Means for Customers and the Industry

The ADT breach serves as a stark reminder of the vulnerabilities in corporate security, especially around single sign-on systems and employee-targeted phishing attacks. Customers should remain vigilant for potential phishing attempts and monitor their personal information for suspicious activity. Meanwhile, companies must enhance employee training and implement stronger multi-factor authentication to combat evolving cyber threats.

“No payment information or customer security systems were affected or compromised in any way,” ADT emphasized in their statement, aiming to reassure customers amid growing concerns.—ADT spokesperson