Business Services / Home & Business Security / Consumer / USA
US home- and business-security and smart-home monitoring provider.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
On April 20, 2026, an attacker used vishing to compromise an ADT employee's Okta SSO credentials and accessed its Salesforce instance. ShinyHunters claimed 10 million records; analysis confirmed about 5.5 million, including names, phone numbers and addresses, with a small percentage also containing dates of birth and the last four digits of SSNs or tax IDs. ADT said no payment data or security-system data was accessed.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
6.2M rows records analyzed
ADT is a major US provider of home- and business-security and smart-home monitoring services, serving millions of residential and commercial subscribers.
A security-monitoring provider holds customer identity and contact data, service addresses and, for some records, dates of birth and partial government/tax identifiers.
ADT detected and terminated the intrusion on April 20, 2026 and confirmed the breach publicly on April 24 as part of the ShinyHunters SSO-to-SaaS campaign.
ADT notified customers and prospects and faced extortion pressure and litigation; notably, no alarm-system or payment data was exposed, limiting physical-security risk.
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal this is targeting-grade, not merely identity-theft-grade: the combination lets an adversary locate, impersonate, or pressure the principal with little additional work.
Motivation: Financial extortion, data sale
A prolific data theft and extortion group that began as a database theft and resale actor and evolved toward SaaS-focused extortion. Recent activity involves vishing, credential harvesting, SSO compromise, and theft of customer data from cloud and SaaS environments.
Because being associated with this breach can itself be harmful, we do not confirm whether anyone appears in it to unverified parties. Verify your identity to privately check whether your own data appears in this breach or related indexes.
We will only reveal whether a specific person appears in this breach to that person.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation