**ADT** has acknowledged a data breach after the **ShinyHunters** extortion group threatened to leak stolen data unless a ransom is paid. The company detected unauthorized access to customer and prospective customer data on April 20th, initiating an investigation and terminating the intrusion. This incident marks another in a series of security challenges for the home security provider. ## Breach Details The investigation confirmed that personal information was compromised during the breach. According to **ADT**, the stolen information was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were also included. Critically, **ADT** stated that no payment information, including bank accounts or credit cards, was accessed, and customer security systems were not affected. **ADT** maintains that the intrusion was limited and that all affected individuals have been contacted. ## ShinyHunters' Claims The breach came to light after **ADT** was listed on the **ShinyHunters** data leak site. The attackers claim to have stolen over 10 million records containing customers' personal information. Their message on the leak site states: "Over 10M records containing PII and other internal corporate data have been compromised. Pay or Leak. This is a final warning to reach out by 27 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way."  **ADT** has not confirmed the volume of data theft claimed by **ShinyHunters**. ## Vishing Attack Vector **ShinyHunters** claims they breached **ADT** through a voice phishing (vishing) attack that compromised an employee’s **Okta** single sign-on (SSO) account. Using this compromised account, the threat actors allegedly accessed and stole data from the company's **Salesforce** instance. The extortion group has been conducting widespread vishing campaigns targeting employees' **Microsoft Entra**, **Okta**, and **Google** SSO accounts. After gaining access, they steal data from connected SaaS applications such as **Salesforce**, **Microsoft 365**, **Google Workspace**, **SAP**, **Slack**, **Adobe**, **Atlassian**, **Zendesk**, **Dropbox**, and others. This stolen data is then used for extortion. **ADT** has previously disclosed data breaches in August and October 2024 that exposed customer and employee information.