ADT admits security breach after hackers advertise stolen data on the dark web
Image: ADT
Security company ADT disclosed in an SEC filing that hackers obtained “some limited customer information, including email addresses, phone numbers and postal addresses.” TechCrunch reports that ADT’s disclosure follows a seller on a cybercrime forum claiming last week that they had obtained more than 30,000 stolen ADT customer records.
The hackers obtained the information by accessing “certain databases containing ADT customer order information,” according to ADT. The company believes that only a “small percentage” of its subscribers were affected and says it has notified those customers. (ADT has about 6 million customers, according to a June blog post.) ADT says that it has “no reason to believe” that the hackers compromised home security systems and that credit card data and banking information weren’t taken.
“Our customers’ privacy and security is our utmost priority, and we have taken several steps to help keep their information safe, including immediately activating rigorous cybersecurity protocols,” ADT spokesperson Ben Tamblyn says in a statement.
Here’s the relevant text from ADT’s SEC filing:
ADT Inc. (“ADT” or the “Company”) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses.
Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company’s overall subscriber base. While the investigation remains ongoing, as of the date of this filing, the Company believes this cybersecurity incident has not materially impacted its operations and does not expect that this incident is reasonably likely to have a material impact on the Company’s overall financial condition, results of operations, or ability to meet its 2024 financial guidance.
Image: ADT
Security company ADT disclosed in an SEC filing that hackers obtained “some limited customer information, including email addresses, phone numbers and postal addresses.” TechCrunch reports that ADT’s disclosure follows a seller on a cybercrime forum claiming last week that they had obtained more than 30,000 stolen ADT customer records.
The hackers obtained the information by accessing “certain databases containing ADT customer order information,” according to ADT. The company believes that only a “small percentage” of its subscribers were affected and says it has notified those customers. (ADT has about 6 million customers, according to a June blog post.) ADT says that it has “no reason to believe” that the hackers compromised home security systems and that credit card data and banking information weren’t taken.
“Our customers’ privacy and security is our utmost priority, and we have taken several steps to help keep their information safe, including immediately activating rigorous cybersecurity protocols,” ADT spokesperson Ben Tamblyn says in a statement.
Here’s the relevant text from ADT’s SEC filing:
ADT Inc. (“ADT” or the “Company”) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses.
Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company’s overall subscriber base. While the investigation remains ongoing, as of the date of this filing, the Company believes this cybersecurity incident has not materially impacted its operations and does not expect that this incident is reasonably likely to have a material impact on the Company’s overall financial condition, results of operations, or ability to meet its 2024 financial guidance.