ADT reveals another major network breach, but says no customer data revealed
Employee data taken in latest ADT breach
ADT has confirmed suffering a cyberattack in which crooks stole sensitive information from its systems.
In an 8-K form filed with the US Securities and Exchange Commission (SEC), the American home security systems provider said it “recently became aware” of unauthorized activity on its network.
The subsequent investigation confirmed that a threat actor managed to access the company’s infrastructure using compromised credentials obtained through a third-party business partner. The company did not say which business partner was compromised - TechRadar Pro has reached out to ADT with further questions.
Ransomware or no ransomware
Before being kicked out, the hackers managed to exfiltrate some information from ADT’s servers, the company confirmed. This includes encrypted data associated with employee user accounts. Customer information, including information regarding their security systems, have not been compromised, ADT confirmed.
To contain the incident, ADT ousted the attacker, and brought in a third-party cybersecurity firm to assist with the investigation and forensic analysis. It also notified the third party of the breach at its infrastructure, and called in law enforcement. It confirmed that its containment measures resulted in “some disruptions” to its IT network, but did not specify further.
"We are investigating a cyberattack on our network. For more information, we direct you to our Form 8-K disclosure filed with the SEC on October 7," an ADT spokesperson told TechRadar Pro.
This is not the first time ADT has had to put out a cybersecurity fire, as it suffered a similar incident in June 2024 that saw threat actors access customer order details, as well as “limited” customer information that included people’s email addresses, phone numbers, and postal addresses.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
At the time, the company said there was no evidence any further customer information such as credit card details or banking information was affected, and that the company's home security systems are also safe. The data was later leaked on the notorious Breached forums by a poster named "netnsher", who claimed to have access to a database containing over 30,812 records, including 30,400 unique emails.
Via BleepingComputer
More from TechRadar Pro
- This detailed malware can hack your systems and turn off your antivirus to do more damage
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.