Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data. The intrusion, detected in April 2026, involved unauthorized access to databases containing customer and prospective customer data.
The compromised information includes names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also exposed. ShinyHunters claimed to have breached ADT via a voice phishing (vishing) attack that compromised an employee’s Okta single sign-on (SSO) account, subsequently accessing data hosted in Salesforce environments.
How to check if you’re affected
- Scope: Current and prospective ADT customers whose data was stored in ADT’s Salesforce environment versions prior to April 2026. Review associated devices for suspicious activity.
- ADT is in the process of notifying affected individuals via email and mailed letters.
- Monitor your email accounts for official communications from ADT. Do not click links or call numbers in emails claiming to be from ADT without verifying they match official ADT domains.
- If you are an ADT customer, review your account for unauthorized changes. Since phone numbers and addresses were exposed, be highly vigilant against targeted SMS phishing (smishing) and voice phishing (vishing) attempts.