Home Security Giant ADT Says It Was Hacked

ADT confirmed this week that it was recently hacked, compromising some customer data. From a report: The home security company did not say when the cyberattack and data breach occurred, but disclosed that the attackers accessed the company's databases containing customer home addresses, email addresses, and phone numbers.

In a brief regulatory filing published late Wednesday, ADT said it has "no reason to believe" that customer home security systems were compromised during the incident, but ADT did not say how it reached that conclusion. The statement said a "small percentage" of customers are affected, but did not provide a more specific number. As of June 2024, ADT said it had six million customers.

By an organized squatter movement?

[RogueWarrior65]

That would be an interesting conspiracy theory and you heard it here first.

it was the white guy from the ad's!

[Joe_Dragon]

it was the white guy from the ad's!

"Limited amount of data leaked"

[BuGless]

I always find it highly ironic that organisations always seem to claim that the amount of data copied/leaked is limited to ... (fill in any random limited scope).
The problem with data is that when it is copied, it does not easily leave a trail like with a normal house burglary where you can simply count the number of items missing from your known inventory.

So basically, unless you have an independent firewall that logs ALL outgoing traffic in unencrypted form, it is impossible to say anything definitive about the (limited) extent of some data breach.

Re:

[NettiWelho]

unless you have an independent firewall that logs ALL outgoing traffic in unencrypted form, it is impossible to say anything definitive about the (limited) extent of some data breach.

their data might be siloed in a manner where a breach in one place still leaves the rest untouchable.

Re:

[BuGless]

True. However, in most organisations I find that they have not siloed at all. It's a very rare practice.

Re:

[MooseTick]

If the data isn't online and you know when the breach happened, it isn't " impossible to say anything definitive about the (limited) extent of some data breach".
They may be able to say no account info older than 12/18/24/36/??? months was breached because that isn't available online.

Re:

[BuGless]

True indeed.

However, in the mainframe days this could have been a common thing, because the data had been shelved on tapes, and is therefore inaccessible quickly by sheer latency to mount and read all the tapes.
Mainframe setups are slowly disappearing though.

Re:

[AmiMoJo]

If they have details of what equipment the homeowner has installed, that's a massive security issue. They will know how to jam/disable it, and what the limitations are. They will know if it is out of date or a model with known exploits.

Re:

[ctilsie242]

What I notice is that it starts with a small amount of data, then that small amount seems to turn into pretty much an entire site image and Microsoft Recall backup of every single machine and server in the company, with every bit of data, down to the employee USB flash drives, all in the BitTorrent dump.

What ever happened to data exfiltration protection and keeping stuff in different silos, perhaps using a VDI, so at worst, an attacker can pop screenshots and get a keylogger, as opposed to just dumping ever

A Security Company

[Virtucon]

A Security Company that is supposed to help protect people and their assets is insecure. It's just another normal day in stupidland.

Re:

[Tablizer]

It's okay, Boeing Security will fix the mess.

Re:

[Virtucon]

I have more faith in world peace being attained in my lifetime.

Ackshually, we know everything about security

[Seven Spirals]

You can bet they have some IT security guys there who probably start off every sentence with "Ackshually," as they lecture customers about security. I haven't found too many CISSP-style security "experts" that can resist doing that when talking down to some 30-years worth-of-experience sysadmins.

Re:

[account_deleted]

Comment removed based on user account deletion

ADT said it had six million customers

[Anonymous Coward]

six million minus one. Calling today to cancel my service.

Not a Reason for Heart Attack

[rally2xs]

Addresses? Phone numbers? Used to be in the phone book. Not a big deal. Email address? Obviously 100's of spammers already have it judging from the amount of that stuff I get, so it's not a top secret classified by the US government either.

Ho, hum...

Use that information to show up here and cause trouble and see what happens. FAAFO!

For all we know

[ZipNada]

... the company might have been breached to the point where the attackers have access to the security systems of the customers who were affected.

And they aren't cheap. For ~$270 you get a base station, one door/window sensor, a yard sign and some stickers. Monitoring 'starts at' $30/month.

Re:

[sarren1901]

Definitely sounds like a good hustle to extract money out of worry warts. Maybe I'm wrong though. Do you get a home insurance discount for having home security cameras? If so, that might help justify wasting money on ADP.

I suppose for some people it's peace of mind.

I seriously doubt if you are the victim of a burglary that these video streams are going to get your stuff back.

Anyone have any insight into this?

Re:For all we know

[ZipNada]

I think you do get a small discount on home insurance if you have a monitored security system (insurance companies ask if you have it), but I doubt it is anywhere near enough to cover the expense.

ADT appears to mainly sell sensors that detect break-ins through windows and doors, or that detect motion when/where there isn't supposed to be any. I am wondering if the 'monitoring' is anything more than an automated call to the local police department.

But if someone got into their system they may have compromised all of that.

Re:

[Local ID10T]

I think you do get a small discount on home insurance if you have a monitored security system (insurance companies ask if you have it), but I doubt it is anywhere near enough to cover the expense.

In many cases the discount is enough to cover the basic monitoring cost (but not the equipment/installation cost) as long as the system covers fire detection as well as intrusion. Rapid response to a house fire is HUGE for reducing insurance payouts.