5.5 million hit in latest ADT data breach with hackers already leaking stolen personal info online — how to stay safe

News
By published

Full names, addresses, phone numbers and more exposed

A Secured by ADT sign on a lawn
(Image credit: Shutterstock)

Home security giant ADT revealed it was hit by a major data breach carried out by the notorious ShinyHunters extortion group earlier this month. Thanks to the data breach notification service Have I Been Pwned, though, we now know that 5.5 million individuals are affected.

As reported by BleepingComputer, the hackers managed to gain unauthorized access to ADT customer and corporate data on April 20 after breaching its systems. The home security firm detected the intrusion immediately, revoked the hackers’ access, and launched an investigation into the matter.

Article continues below

Here’s everything you need to know about this latest breach, including what kind of personal data was stolen and the steps ADT customers should take right now to protect themselves.

From stolen to leaked data

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

After learning about this data breach, BleepingComputer reached out to ADT to confirm whether or not ShinyHunters’ claim that they had stolen over 10 million records containing both customer and corporate data was true. The company provided further insight on the matter and explained that the intrusion by the group was limited.

When it comes to what types of customer data were stolen, ADT says that names, phone numbers, and physical addresses made up the bulk of these records. However, in some cases, dates of birth, the last four digits of Social Security numbers, or Tax IDs were also exposed.

Fortunately, though, no payment information like credit card data or bank account numbers was accessed by ShinyHunters. The group initially tried to extort ADT by threatening to leak this stolen data online. When the company didn’t pay up, ShinyHunters leaked an 11GB archive of stolen data on the dark web via its leak site.

At the time of writing, ADT has yet to disclose how many individuals are affected by this breach. By analyzing the stolen data, Have I Been Pwned determined that 5.5 million people are directly impacted by this breach.

ShinyHunters isn’t resting on its laurels, though, as the group also claimed last week that it stole over 9 million records from the medical device maker Medtronic. Likewise, the group has also successfully breached the European Commission, Rockstar Games, McGraw-Hill, 7-Eleven, Carnival, Zara, and Udemy in recent weeks.

How to stay safe after a data breach

An open lock depicting a data breach

(Image credit: Shutterstock)

Finding out that a company you do business with or even one you don’t deal with directly has fallen victim to a data breach can be quite scary. If you’re an ADT customer, there are steps you can take right now to minimize the damage and prevent falling victim to any follow-up attacks.

ADT has already confirmed the breach and has begun the process of sending out data breach notification letters to affected individuals. In these notices, companies explain exactly what happened to the relevant authorities and detail the steps they’ve taken to ensure something like this doesn’t happen again. Likewise, they also lay out how they’re going to make things right for affected customers and individuals.

ADT customers caught up in this breach will receive this notice in the mail. It will tell you the types of your data that were exposed, along with some guidance on how to stay safe after a breach. ADT has already committed to providing free access to one of the best identity theft protection services to impacted individuals. However, you’ll likely need a code found in your data breach notification letter to take advantage of this offer.

As such, you should be keeping a close eye on your mailbox as data breach notification letters arrive the old-fashioned way, as opposed to over email or via text. In the meantime, you’re also going to want to be extra careful when checking your inbox. Since email addresses were exposed, ShinyHunters or even other hackers they sell this stolen info to could try to use it to launch targeted phishing attacks against impacted individuals.

Given that these phishing emails could contain malicious links or even malware, you’re going to want to keep your PC protected with the best antivirus software and your Apple computer secured with the best Mac antivirus software. That way, you’ll be protected from any potential threats. I wouldn’t rush out and sign up for identity theft protection just yet, though, as ADT is providing a free subscription to those affected.

The ShinyHunters group shows no sign of slowing down just yet, which is why every company should be taking this threat very seriously. Hopefully, law enforcement is able to catch and stop these hackers sooner rather than later.

Google News

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds. Subscribe to Tom's Guide on YouTube and follow us on TikTok.

More from Tom's Guide

Anthony Spadafora
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.