Home security provider ADT has confirmed a cybersecurity incident following claims by the ShinyHunters group that it had stolen millions of customer records and would release the data if a ransom was not paid.

The company disclosed that it detected unauthorized access to a limited portion of customer and prospective customer data on April 20, triggering an internal response that included containment measures, a forensic investigation, and notification of law enforcement.

The confirmation came shortly after ADT appeared on ShinyHunters’ leak site, where the group alleged it had exfiltrated more than 10 million records containing personally identifiable information and internal corporate data. The attackers issued a “pay or leak” ultimatum, warning the company to make contact before an April 27 deadline or face public exposure of the stolen data.

While ADT has not verified the full scale of the claims, the company acknowledged that sensitive customer data was accessed. According to available disclosures, the compromised information may include names, phone numbers, addresses, dates of birth, and, in some cases, partial Social Security or tax identification numbers.

The incident reflects a familiar pattern associated with ShinyHunters, which has increasingly relied on data exfiltration and extortion rather than traditional ransomware encryption. In such operations, attackers prioritize stealing large datasets and leveraging the threat of public leaks to pressure victims into payment.

Reports indicate that the breach may be linked to social engineering tactics targeting enterprise access systems, including single sign-on environments and connected cloud services. These methods typically involve tricking employees into revealing credentials, allowing attackers to bypass perimeter defenses and access sensitive systems without exploiting software vulnerabilities.

ADT stated that it acted quickly to terminate the intrusion once detected and is working with external cybersecurity experts to assess the scope and impact. The company has not disclosed the total number of affected individuals and continues to investigate the incident.

The case underscores ongoing risks facing organizations that handle large volumes of consumer data, including those in the security sector. Even companies focused on physical and digital protection remain vulnerable to credential-based attacks and extortion campaigns that exploit human factors rather than technical weaknesses.

The situation remains active, with no confirmation on whether negotiations are underway or if any data has been released.
