ADT Data Breach Exposes Sensitive Personal Information for 5.5M Accounts

ADT Inc., an American home security company that serves more than 6 million customers, disclosed a data breach in April 2026 that affected approximately 5.5 million accounts, according to Have I Been Pwned.

The company disclosed the breach to the Securities and Exchange Commission on April 20, 2026, reporting that it had discovered unauthorized access to certain cloud-based environments on that date.

According to Bleeping Computer, the breach was carried out by an extortion group known as ShinyHunters. The group alleges it breached ADT by compromising an employee's Okta single sign-on account through a voice phishing attack, also known as vishing. Using this compromised account, the attackers said they gained access to and stole data from the company's Salesforce instance.

On April 23, 2026, ShinyHunters listed ADT on its dark web leak site, claiming to have stolen over 10 million Salesforce records containing personally identifiable information and other internal corporate data.

After ADT did not reach an agreement with the group, ShinyHunters leaked an 11 GB archive of stolen data on its dark web site.

ADT told Bleeping Computer that the types of information exposed included names, email addresses, phone numbers and physical addresses. The company confirmed that no payment information, including bank accounts or credit cards, was accessed.

ADT's response to the breach

ADT claims that only limited customer and prospective customer data was accessed. The company said it does not believe the incident is reasonably likely to have a material impact on its financial condition, results of operations or ongoing business operations.

ADT continues to assess the scope and impact of the incident.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with the three major credit bureaus. Because partial Social Security numbers and Tax IDs were exposed for some individuals in this breach, contact Equifax (1-800-525-6285), Experian (1-888-397-3742) and TransUnion (1-800-680-7289) to add protections to your credit file.
• Review your credit reports for unfamiliar accounts. Request free copies at AnnualCreditReport.com and look for any accounts or inquiries you do not recognize.
• Be cautious of phishing attempts that reference ADT or this breach by name. Scammers may send emails or texts pretending to be from ADT in an attempt to collect additional personal information.
• Watch for suspicious phone calls and text messages. Since phone numbers were part of the exposed data, be wary of unexpected calls or texts asking for personal or financial information.
• Monitor your mail for unusual correspondence. Because physical addresses were also exposed, watch for unexpected mail or signs that someone may be misusing your identity.