ADT home security systems hacked for second time in two months


ADT, a leading provider of business and home security systems in the US, announced Monday that an unauthorized third party had gained access to its networks for the second time since August.

The Florida-based home security solutions company filed a notification with the US Securities and Exchange Commission (SEC) on Monday, stating that the breach occurred via an unnamed third-party company that ADT is partnered with.

“ADT recently became aware of unauthorized activity on the Company’s network,” it said in the 8K SEC filing.

ADVERTISEMENT

The company stated it had “discovered an unauthorized actor had illegally accessed ADT’s network, as early as October 2nd, using compromised credentials obtained through a third-party business partner.”

Because of the containment measures, some of ADT’s operations have been disrupted, the company said, without providing specifics.

Besides taking appropriate countermeasures to “shut down the unauthorized access,” ADT said it notified the third party “its systems had been compromised” and is now “coordinating closely” with that business partner, outside security experts, and federal law enforcement to investigate and mitigate the incident.

ADT breached twice
US Securities and Exchange Commission 8K filing October 7th, 2024. image by Cybernews.

Although early in the “ongoing investigation,” ADT stated that it appears the bad actor was able to access and exfiltrate “certain encrypted internal ADT data associated with employee user accounts during the intrusion.”

ADT did say it believes the sensitive data of its 6.5 million customers was not compromised, including the home security systems of those customers.

It’s the second time ADT has experienced a network infiltration in the past 60 days.

Cybernews reported on August 8th, in another SEC 8K filing, ADT found unauthorized threat actors had compromised its systems, gaining access to customer databases that were put up for sale on the dark marketplace BreachForums.

ADVERTISEMENT

During the August ADT breach, “limited customer information,” such as email addresses, phone numbers, and addresses, was accessed, ADT said at the time. No home security systems were compromised in that attack either.

The hackers claimed to have stolen over “30,812 records, including 30,400 unique emails” from ADT systems, although that could not be officially confirmed, the database, which Cybernews viewed a sample of, also appeared to contain customer order ID numbers, the exact products purchased, and URLs to customers’ portals.

Founded in 1874, the American security services company provides smart home and small business security services, including equipment, installation, CCTV, fire protection, and other in-house alarm-type monitoring services across the US, Canada, and the UK.

Cybernews contacted ADT for a statement, but did not receive a response for either incident.