GoKawiilThe ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned.
Founded in 1874 as American District Telegraph, ADT is the oldest and largest home security company in the United States, currently providing monitored security and smart home solutions to over 6 million residential and small-business customers.
ADT has previously disclosed two other data breaches in August 2024 and October 2024 that exposed employee and customer information.
Have I Been Pwned's report comes after ShinyHunters claimed last week that they had stolen over 10 million records containing personally identifiable information (PII) and ADT corporate data.
When asked to confirm the cybercrime group's claims, ADT told BleepingComputer that it detected the breach on April 20 and that a follow-up investigation found the intrusion was limited but allowed the attackers to access some individuals' personal information.
"The investigation confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included," ADT told BleepingComputer.
"Critically, no payment information — including bank accounts or credit cards — was accessed, and customer security systems were not affected or compromised in any way."
The cybercrime group has since leaked an 11GB archive of stolen data on its dark web leak site after failing to extort the company.
ADT on ShinyHunters' leak site (BleepingComputer)
While ADT has yet to disclose the total number of affected individuals, Have I Been Pwned analyzed the stolen data and said the breach exposed the data of 5.5 million people, including unique email addresses, names, dates of birth, phone numbers, physical addresses, and partial government-issued IDs.
... continue reading