Security research group ShinyHunters breached ADT systems and exposed personal data for 5.5 million individuals. The incident marks the third major data breach affecting the home security provider in 2024.
The ShinyHunters extortion group accessed ADT customer information through a breach of the company's systems, according to findings posted on Have I Been Pwned. The compromised dataset includes personal details for 5.5 million people.
This marks the latest security incident involving ADT, which disclosed separate data breaches in August 2024 and October 2024. The repeated incidents raise questions about the company's security infrastructure and incident response protocols.
ShinyHunters is known for conducting extortion campaigns following data theft operations. The group typically demands payment in exchange for not publicly releasing or selling stolen information.
Affected individuals face potential risks including identity theft, phishing attacks, and unauthorized account access. ADT customers exposed in previous 2024 breaches have already experienced compromised credentials and personal information.
The data exposure comes as home security companies increasingly become targets for cybercriminals. ADT's repeated breaches within a single year suggest systemic vulnerabilities that require immediate remediation.
Have I Been Pwned, operated by security researcher Troy Hunt, aggregates breached datasets to help individuals determine if their personal information has been compromised. The service allows users to check if their email addresses appear in known data breaches.
ADT has not issued a public statement regarding this specific incident at the time of reporting. Customers concerned about their data should monitor their accounts for suspicious activity and consider credit monitoring services.
The pattern of successive breaches highlights the ongoing challenge organizations face in protecting customer data against determined threat actors.
Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.
Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.