ADT Confirms Data Breach Following ShinyHunters Data Leak Claim

HomeCyber Security ADT Confirms Data Breach Following ShinyHunters Data Leak Claim By Guru Baran April 25, 2026 Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum — “Pay or Leak.” ADT, headquartered in Boca Raton, Florida, disclosed the incident via a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on April 24, 2026, stating that it became aware of unauthorized access to certain cloud-based environments on April 20, 2026. The incident came to light after ShinyHunters posted a listing on their dark web data leak site, claiming to have compromised “over 10 million records containing PII and other internal corporate data.” The group issued a chilling final warning: “Reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.” ShinyHunters claimed the breach was carried out through a voice phishing (vishing) attack that successfully compromised an employee’s Okta single sign-on (SSO) account. Using this foothold, the threat actors allegedly accessed and exfiltrated data from ADT’s Salesforce instance. This tactic, impersonating IT support to manipulate employees into granting internal system access, is a hallmark method associated with ShinyHunters’ operations. ADT’s investigation determined that the exposed data was limited to a set of customer and prospective customer records. According to PCMag, the compromised information primarily included names, phone numbers, and home addresses. In some cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. ADT confirmed that no financial information, such as bank account or credit card data, was accessed, and that customer home security systems remained secure and fully operational. Upon detecting the intrusion, ADT promptly terminated the unauthorized access, activated its Incident Response Plan (IRP), engaged third-party cybersecurity experts for a forensic investigation, and notified law enforcement. The company stated it has “directly notified all impacted individuals” and will provide complimentary identity protection services where necessary. ADT’s 8-K filing stressed that the company does not believe the incident is “reasonably likely to have a material impact” on its financial condition or ongoing business operations, though the full scope of the breach remains under assessment. This is not ADT’s first rodeo with data breaches. The company previously disclosed two separate security incidents in August and October 2024, both of which exposed customer and employee information. The latest ShinyHunters extortion campaign raises serious questions about ADT’s cloud security posture and access control hygiene, particularly around employee authentication mechanisms like SSO platforms. With the threat actor’s April 27 deadline looming, the security community is closely watching whether ADT will comply, negotiate, or call the bluff. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran is the Co-Founder and Editor-in-Chief of CyberSecurityNews.com, specializing in vulnerability analysis, malware research, ransomware, and computer forensics. Trending News Gentlemen RaaS Attacking Windows, Linux With additional locker written in C for ESXi Hackers Use Pastebin-Hosted PowerShell Script to Steal Telegram Sessions CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack AI-Assisted Lazarus Campaign Targets Developers With Backdoored Coding Challenges AI-Powered Exploitation May Collapse the Patch Window for Defenders Latest News Cyber Security Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools Cyber Security New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions Cyber Security News CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack Cyber Security News Claude AI Agents Close 186 Deals in Anthropic’s Marketplace Experiment Bug Bounty GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities