The breach was initiated by a voice phishing (vishing) attack that compromised an employee's Okta single sign-on account, which the threat actor ShinyHunters then used to gain unauthorized access to ADT's Salesforce instance. The compromised data includes customer names, phone numbers, addresses, and in some cases, dates of birth and partial Social Security or Tax ID numbers. This incident highlights the risk of social engineering attacks targeting identity and access management systems to exfiltrate sensitive customer data.
Data Security , Breach , Phishing ADT confirms data breach after ShinyHunters threatens data leak April 27, 2026 Share By SC Staff (Adobe Stock) Home security provider ADT has confirmed a data breach following threats from the ShinyHunters extortion group to leak stolen customer information. The company detected unauthorized access on April 20, leading to an investigation that confirmed personal data was compromised, according to a recent report by Bleeping Computer. The breach affected customer and prospective customer data, including names, phone numbers, and addresses. In a subset of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also accessed. ADT stated that no payment information or security systems were compromised. ShinyHunters claimed to have stolen over 10 million records and alleged the breach occurred via a voice phishing attack that compromised an employee's Okta single sign-on account, granting access to the company's Salesforce instance. This follows previous data breaches disclosed by ADT in August and October 2024. Source: Bleeping Computer SC Staff Related Security Operations French police arrest hacker ‘HexDex’ for alleged widespread data theft SC Staff April 27, 2026 The investigation began in late December 2025 following approximately 100 reports of data theft. Data Security BlackFile hackers target retail, hospitality with vishing and data extortion SC Staff April 27, 2026 BlackFile initiates attacks through voice phishing (vishing) calls, using spoofed numbers to impersonate IT support. Data Security Controlling AI at machine speed: Detecting risk, protecting systems, and reversing mistakes Paul Wagenseil April 24, 2026 Managing the behavior of AI agents requires a data-centric, continuous, and adaptive new approach to security. Related Events Cybercast Beyond the Hype: The Cybersecurity Trends CISOs are Keeping an Eye on in 2026 On-Demand Event Cybercast Beyond the data perimeter: Why next-generation DSPM is the foundation for modern data security On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Attack Vector Byte Cipher Ciphertext Cryptographic Hash Functions Data Aggregation Data Loss Prevention (DLP) Decryption Diffie-Hellman Digital Signature You can skip this ad in 5 seconds