ADT data breach exposes customer information

written by Kurt Knutsson
Illustration of ADT data breach exposing customer information
At a glance
  • ADT confirmed a data breach after hackers claimed they stole millions of customer records.
  • Stolen data includes names, phone numbers and addresses, with some cases involving partial Social Security details.
  • Attackers reportedly used a phone-based scam to gain access to an employee account and internal systems.
  • ADT says no payment information or home security systems were affected by the breach.

 

ADT has confirmed a new data breach, and it comes with a familiar twist. A well-known cybercrime group is reportedly demanding money and threatening to leak data if it does not get paid.

The group behind it, ShinyHunters, says it stole more than 10 million records. ADT has not confirmed that number, but it says attackers accessed customer data.

According to the company, “ADT’s cybersecurity systems detected unauthorized access to a limited set of customer and prospective customer data on April 20, and the company’s response protocols activated immediately, terminating the intrusion, launching a forensic investigation with leading third-party cybersecurity experts, and notifying law enforcement.”

 

 

In the ADT breach, hackers reportedly used a phone-based scam to trick an employee and gain access to internal systems.

Credit: ADT

 

What data was exposed in the ADT breach

ADT says, “The investigation confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included. 

Here is the part that may bring some relief. ADT tells CyberGuy, “Critically, no payment information, including bank accounts or credit cards, was accessed, and customer security systems were not affected or compromised in any way.”

Still, this kind of personal data carries real value. Even without full Social Security numbers, attackers can use it to build convincing scams that feel personal.

 

How hackers may have accessed ADT systems

This breach may have started with a phone call. ShinyHunters told BleepingComputer it used a voice phishing attack, often called vishing, to compromise an employee’s Okta single sign-on account. The group claims that access allowed it to steal data from ADT’s Salesforce system. ADT has confirmed unauthorized access to customer and prospective customer data, but it has not publicly confirmed that specific attack method. This approach has become more common. Instead of hacking systems directly, attackers target people. One successful interaction can unlock multiple systems at once.

In a statement to CyberGuy, ADT said its response worked as intended:

“ADT’s protocols performed as designed: the breach was identified quickly, the threat was contained, and the scope was limited. ADT has directly notified all impacted individuals and will offer complimentary identity protection services as appropriate. Protecting customers is not just a priority; it is the foundation of what ADT does. The company remains committed to investing in and strengthening the cybersecurity infrastructure that its customers and their families depend on.”

ADT says the stolen data included names, phone numbers and addresses, giving attackers enough detail to target victims directly.

Credit: ADT

 

Why the ADT data breach matters for you

On the surface, this breach may seem limited. No financial data. No system control. That sounds contained. The reality is more complicated.

Names, phone numbers and addresses create a powerful starting point for scams. Add even partial Social Security data, and the risk increases. Criminals can use that information to impersonate companies, reset accounts or trick victims into handing over more sensitive details.

This also raises a bigger issue. Even companies focused on security can become targets. That should change how you think about your own exposure.

.

 

ADT’s history of data breaches

This isn’t the first time ADT has dealt with a data breach. The company disclosed incidents in August and October of 2024 that exposed customer and employee information.

When breaches happen more than once, it raises questions about internal security practices and how attackers keep finding a way in.

At the same time, it highlights a broader trend. Cybercriminal groups like ShinyHunters are focusing on identity systems and employee access instead of traditional hacking methods.

The incident shows how a single compromised account can expose customer data stored across platforms like Salesforce.

Credit: ADT

 

Ways to stay safe after a data breach

After a breach like this, the goal is to reduce how much attackers can do with your information and make yourself a harder target going forward.

 

1) Watch for targeted scams

If someone claims to be from a company like ADT, pause before responding. Scammers often use real details to sound convincing. Hang up and contact the company directly using a verified number.

 

2) Limit your exposed personal data

Consider using a personal data removal service such as Incogni. These tools help remove your information from data broker sites, which reduces what scammers can find about you online.

Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.

Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.

  • Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
  • Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
  • The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.

CyberGuy Exclusive: 60% off

CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.

The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.

Get Incogni and remove your info
Get Incogni’s Family Plan

   

 

Is your personal information exposed online?

Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

 

3) Add identity theft monitoring

Identity theft monitoring, such as Aura, can alert you to suspicious activity tied to your name or Social Security number early, which gives you a chance to act before damage spreads.

One of the best parts of my top pick, Aura: Identity Theft Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.

Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.

 

4) Strengthen your passwords and account security

Use a password manager like NordPass to create and store strong, unique passwords. If you reused passwords anywhere, especially on email or banking accounts, update them right away to prevent account takeovers.

 

5) Turn on two-factor authentication

Adding an extra login step, such as two-factor authentication (2FA), makes it much harder for attackers to break into your accounts, even if they have your credentials.

 

6) Keep your devices protected

Make sure your devices run updated security software. Many modern tools can detect suspicious activity before it turns into a bigger problem.

 

7) Freeze your credit if sensitive data was exposed

If your Social Security number or even part of it may be involved, consider placing a credit freeze with the major bureaus. This prevents new accounts from being opened in your name without your approval.

 

8) Review your financial and account activity

Keep an eye on bank accounts, credit cards and important logins for unusual activity. Even small, unfamiliar charges or login alerts can be an early warning sign.

 

9) Use strong antivirus protection

Install and maintain strong antivirus software, such as Norton Antivirus Plus, on your devices. It can detect suspicious activity, block malware and help stop threats before they gain access to your data.

 

10) Be cautious with account recovery attempts

Attackers often try to reset your passwords using information they already have. If you get unexpected password reset emails or codes, treat them as a warning sign, not a routine message.

 

11) Opt for a reliable home security system

While ADT is one of the largest home security companies in the US, the recent breach of customer information highlights potential vulnerabilities despite the company’s assurance that home security systems were not compromised. There are many other options in the market, whether you prefer a professionally installed system or a do-it-yourself one.

For reference, you can check out my guide on the best home security systems, where I’ve listed four of my favorite options. You might also want to find out if your home insurance offers a discount for installing robust security protection. I recently switched from our older ADT system and upgraded to the more thoughtfully designed technology available from Vivint

Vivint Smart Home Alarm Systems provide a sophisticated security solution professionally installed for optimal home protection. These systems are known for their smart security capabilities, offering high-quality products that integrate seamlessly for comprehensive coverage. The system includes 24/7 professional monitoring, ensuring constant vigilance, and advanced automation options that allow you to control various aspects of your home remotely.

The wireless equipment, such as sensors and cameras, works in unison to prevent unauthorized entry and capture clear, quality footage. Customers appreciate the accurate sensor response and the convenience of customizing settings via the mobile app. Overall, Vivint’s alarm systems are my top choice for those seeking reliable and advanced home security solutions.

SPECIAL OFFER: 

Get a FREE Vivint Doorbell Camera Pro* | Call with code CYBERGUY

Click here or call now for a free quote at 833-465-4747 You can chat with a Smart Home Pro and get answers to all your home security questions.

Vivint

 

 

Related Links: 

 

 

Kurt’s key takeaways

If your data was part of this breach, the risk does not end with the initial incident. In many cases, it is just getting started. You may begin to see more targeted scam calls or emails. Messages might include your name or reference your address to appear legitimate. That level of detail can make even cautious people hesitate. Even if you have never used ADT, this is a reminder of how often personal data circulates behind the scenes. Once it is out there, it can be reused in ways you never expected. The bigger takeaway is simple. Breaches like this are less about a single company and more about how exposed personal data has become across the board.

Should companies like ADT be doing a better job protecting your data, especially after repeated breaches? Let us know in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2026 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.