US building security giant ADT confirmed it suffered a data breach after threat actors allegedly stole customer data on a popular hacking forum.
ADT is a publicly traded American company specializing in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has annual revenue of $4.98 billion, and serves approximately 6 million customers at 200 locations in the United States.
In a Form 8-K regulatory filing Thursday morning with the Securities and Exchange Commission (SEC), ADT says threat actors breached some of its databases and stole customer information.
“ADT Inc. recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.” 8-K filing reads..
“Upon becoming aware of the incident, the company immediately took steps to shut down unauthorized access and launched an investigation, partnering with industry-leading third-party cybersecurity experts.”
“The attackers nevertheless obtained some limited user information, including email addresses, phone numbers, and postal addresses.”
An investigation into the breach revealed that the exposed data included limited customer information, email addresses and locations.
Despite the cybersecurity incident, ADT says there is no evidence that customers’ home security systems have been compromised. Also, ADT does not believe the attackers stole customers’ credit card data or banking information.
ADT noted that the affected individuals represent a small percentage of the company’s total client base. However, they did not provide any data.
ADT data leaked on hacking forum.
Although ADT did not share many details about the attack, on July 31, a threat actor known as ‘netnsher’ leaked customer data allegedly stolen from ADT.
The threat actor says the leaked data includes 30,800 customer records, including customer emails, full addresses, user IDs and products purchased.
In early July, another threat actor claimed to have leaked corporate files stolen from ADT in 2020-2023, but is not believed to be related to the incident.
BleepingComputer has reached out to ADT to learn more about the cyberattack, but a statement was not immediately available.