ADT confirms data breach following a ransom threat from the notorious ShinyHunters extortion group, who claimed to have stolen over 10 million records containing personally identifiable information (PII) from the home security giant. The breach, detected on April 20, 2026, has prompted ADT to launch a forensic investigation and notify affected customers, emphasizing that no payment information or customer security systems were compromised.
ShinyHunters’ Modus Operandi and Demands
ShinyHunters, a cybercrime group renowned for its large-scale data theft and vishing campaigns, has claimed responsibility for the ADT intrusion. The group stated they accessed ADT’s Salesforce instance, allegedly through a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on (SSO) account. They are demanding a ransom payment by April 27, 2026, threatening to publicly leak the stolen data and cause “several annoying (digital) problems” if their demands are not met.
“ShinyHunters’ use of vishing to compromise SSO accounts highlights a growing and sophisticated threat vector for corporate data breaches.”
The compromised data includes names, phone numbers, and addresses. In a smaller subset of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. ADT has not confirmed the exact volume of data claimed by ShinyHunters but has moved swiftly to address the incident.
The Timeline of the ADT Data Breach
The sequence of events surrounding the ADT data breach unfolded rapidly. Unauthorized access was first detected by ADT on Monday, April 20, 2026. ADT publicly disclosed the breach on April 24, 2026, just one day after ShinyHunters issued their ransom threat on the dark web. The cybercrime group has set a firm deadline of April 27, 2026, for ADT to comply with their demands, underscoring the urgency of the situation.
ADT’s Response and Customer Protection
In response to the incident, ADT immediately terminated the intrusion and initiated a comprehensive forensic investigation with the assistance of third-party cybersecurity experts. The company has also notified law enforcement agencies and is working to directly inform all impacted individuals. As a protective measure, ADT is offering complimentary identity protection services where appropriate, demonstrating their commitment to assisting affected customers. Furthermore, the company has implemented additional security measures to bolster its IT assets and operations against future threats.
This related Tech news underscores the persistent challenge businesses face in safeguarding sensitive customer information against increasingly sophisticated cyberattacks. The ADT confirms data breach incident serves as a stark reminder for all organizations to continuously review and enhance their cybersecurity protocols, particularly against social engineering tactics like vishing that target human vulnerabilities.




