Alert360 securiity systems — Image by Alert360

Alert 360, the fifth-largest home and business security systems provider in the US, has been claimed by ShinyHunters, along with 2.5 million records allegedly dumped on the dark web after the company refused to pay a ransom demand.

Shiny Hunters says it hit Alert360 and dumped 2.5 million records after ransom talks broke down.
That matters because security providers can hold sensitive customer, employee, and surveillance-related data.
The leak also adds to a widening 2026 spree in which Shiny Hunters has targeted a string of major organizations.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

ShinyHunters listed the Oklahoma-based 24/7 monitoring and surveillance firm on its victim blog Thursday, and provided a download link to the purported 10GB of compressed data.

“Over 2.5M records containing PII and other internal corporate data have been compromised,” the cybercriminals wrote in the entry.

ShinyHunters Alert 360 ransomware attack — Shiny Hunters listed Alert 360 on its leak site Thursday. Image by Cybernews

ShinyHunters also claimed that it dumped the stolen files after communications between the two parties broke down.

“Please read the chatlog of the negotiation by clicking the Download button below to see why this data was leaked,” it said.

Cybernews was unable to view the chatlog after multiple attempts, but according to ShinyHunters’ “Information” page, an organization would only be outed on the leak site for three reasons:

You failed to respond to us when we made multiple attempts to write you.
We failed to come to an agreement to prevent the release of the data and the deletion of the data.
You didn't make the right decision. Instead, you took advice of law enforcement or a third party firm. You were wrong.

The group claims that by the time an organization is listed on the site, it is too late – except in rare cases – meaning unless the company reverses course and agrees to fork over the ransom demand.

Cybernews has reached out to Alert 360 for comment and will update the story if we recieve a response.

Alert 360 home security products — Alert 360 sells a range of surveillance and monitoring products. Image by Alert360

What stolen security system data can reveal

It’s unknown when the Alert 360 breach took place, what type of information was compromised, or how much bitcoin the group demanded in exchange for the company’s files.

Still, security systems can store a plethora of information about homeowners and businesses, including their staff.

Besides traditional security detection events, personally identifiable information (PII), and financial data, these systems can reveal “highly detailed surveillance footage and behavioral analytics” of both customers and employees, according to Canadian firm Wilsons Security.

“The most underrated feature in modern security is analytics. People install cameras for evidence, but the real value is the data those cameras generate. Heat mapping, people counting, and behavioral alerts provide business intelligence, not just footage,” says Christina Weagle a sales consultant at Wilsons Security.

Alert 360 video monitoring — Security systems providers can hold highly-sensitive customer, employee, and surveillance data. Image by Alert 360

Founded in 1973 and headquartered in Tulsa, the Guardian Security Systems rebrand has about 200,000 subscribers across 27 states and more than two dozen branch locations, including in Arizona, California, Georgia, and Texas.

With over 500 employees nationwide, the company’s annual revenue is listed as $398.5 Million by ZoomInfo.

The security giant offers an array of smart home and business security systems, ranging from live stream security cameras, alarm systems, and home automation to intrusion detection, energy management, and CCTV systems.

Its 24-hour video surveillance products include remote and mobile surveillance units (MSUs), solar surveillance units (SSUs), and drone patrol, according to its website.

Alert 360 US locations map — Alert 360 has a presence in 27 US states. Image by Alert 360

ShinyHunters widens its 2026 spree

Meanwhile, ShinyHunters has been observed ramping up its attacks on high-profile organizations since the start of 2026.

In just the past several weeks, the group has claimed attacks on Amtrak, RockStar Games, Hims & Hers, Hallmark, the European Commission, and Ameriprise Financial.

Researchers say the spate of attacks stem from a sophisticated IT worker vishing campaign that tricks employees into handing over their credentials with the hackers gaining access to systems via Okta’s identity access management platform.

Don't miss our latest stories on Google News. Add us as your Preferred Source on Google

The well-known cybercrime and extortion gang has also been previously linked to multiple large-scale data theft campaigns, including last year’s heist of Salesforce CRM data that targeted enterprise cloud services and customer databases.

In what the Google Threat Intelligence Group (GTIG) has called “a significant expansion and escalation in the operations,” in early February, the extortionists claimed breaches at dating sites Bumble and Match Group’s Hinge, Match, and OkCupid services, among many others.