Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum — “Pay or Leak.”
ADT, headquartered in Boca Raton, Florida, disclosed the incident via a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) on April 24, 2026, stating that it became aware of unauthorized access to certain cloud-based environments on April 20, 2026.
The incident came to light after ShinyHunters posted a listing on their dark web data leak site, claiming to have compromised “over 10 million records containing PII and other internal corporate data.” The group issued a chilling final warning: “Reach out by 27 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”
ShinyHunters claimed the breach was carried out through a voice phishing (vishing) attack that successfully compromised an employee’s Okta single sign-on (SSO) account.
Using this foothold, the threat actors allegedly accessed and exfiltrated data from ADT’s Salesforce instance. This tactic, impersonating IT support to manipulate employees into granting internal system access, is a hallmark method associated with ShinyHunters’ operations.
ADT’s investigation determined that the exposed data was limited to a set of customer and prospective customer records. According to PCMag, the compromised information primarily included names, phone numbers, and home addresses.
In some cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. ADT confirmed that no financial information, such as bank account or credit card data, was accessed, and that customer home security systems remained secure and fully operational.
Upon detecting the intrusion, ADT promptly terminated the unauthorized access, activated its Incident Response Plan (IRP), engaged third-party cybersecurity experts for a forensic investigation, and notified law enforcement.
The company stated it has “directly notified all impacted individuals” and will provide complimentary identity protection services where necessary.
ADT’s 8-K filing stressed that the company does not believe the incident is “reasonably likely to have a material impact” on its financial condition or ongoing business operations, though the full scope of the breach remains under assessment.
This is not ADT’s first rodeo with data breaches. The company previously disclosed two separate security incidents in August and October 2024, both of which exposed customer and employee information.
The latest ShinyHunters extortion campaign raises serious questions about ADT’s cloud security posture and access control hygiene, particularly around employee authentication mechanisms like SSO platforms. With the threat actor’s April 27 deadline looming, the security community is closely watching whether ADT will comply, negotiate, or call the bluff.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
