Home security provider ADT has confirmed a cyber intrusion involving unauthorized access to customer data after the hacking group ShinyHunters claimed to have stolen over 10 million records.

Key Points

• ADT detected unauthorized access to its cloud-based environments on April 20, 2024.
• The company stated that stolen data includes names, phone numbers, addresses, and partial Social Security or tax ID numbers.
• The hacking group ShinyHunters claims to have exfiltrated 10 million Salesforce records containing personally identifiable information.
• Security monitoring service Have I Been Pwned identified 5.5 million unique email addresses affected by the breach.
• ADT confirmed that no customer home security systems or payment information were compromised during the incident.

Why it Matters

This breach highlights the significant risks companies face when managing sensitive customer data within third-party cloud environments like Salesforce. The discrepancy between corporate reporting and attacker claims underscores the ongoing challenge of transparency and data security for major service providers.