ADT confirms data breach after customer info leaked on hacking forum

American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum.

ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States.

In a Thursday morning Form 8-K regulatory filing with the Securities and Exchange Commission (SEC), ADT says threat actors breached some of its databases and stole customer information.

"ADT Inc. recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information," reads the 8-K filing.

"After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts."

"The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers, and postal addresses."

An investigation into the breach revealed that the exposed data includes limited customer information, email addresses, and locations.

Despite the cybersecurity incident, ADT says there is no evidence that customers' home security systems have been compromised. Also, ADT does not believe the attackers stole customers' credit card data or banking information.

ADT noted that affected people represent a small percentage of the company's overall client base; however, they did not provide any figures.

ADT data leaked on a hacking forum

While ADT did not share many details about the attack, on July 31st, a threat actor known as 'netnsher' leaked customer data allegedly stolen from ADT.

The threat actor says the leaked data includes 30,800 customer records, including customer emails, complete addresses, user IDs, and the products purchased.

In early July, another threat actor claimed to have leaked corporate files stolen from ADT in 2020-2023, but it is not believed to be related to this incident.

BleepingComputer has contacted ADT to learn more about the cyberattack, but a statement wasn't immediately available.