ShinyHunters breached ADT, stealing names, addresses, SSN last-four digits, and tax IDs for up to 10 million records; no payment data or alarm systems affected.
Key Takeaways
Stolen fields: names, phone numbers, addresses, dates of birth, last four digits of SSNs, and tax IDs – sufficient for identity fraud.
ShinyHunters claimed 10 million records and is threatening to leak unless a ransom is paid; ADT has not confirmed the count.
ADT is offering complimentary identity protection services to impacted individuals and has notified law enforcement.
This is at least the third ADT breach reported to the SEC in two years, signaling persistent systemic exposure.
ShinyHunters recently also hit Rockstar, McGraw Hill, Bumble, Match Group, Canada Goose, UPenn, and the European Commission after briefly being disrupted by law enforcement.
Hacker News Comment Review
Commenters flagged a clear pattern: ADT has a documented multi-year breach history, including a 2024 customer data incident and a 2015 alarm-system hack with 78 HN points.
The 2021 “hack” reference was contested – a reply noted it was a rogue employee voyeurism case, not an external intrusion, highlighting how ADT’s security reputation conflates distinct incident types.
