ADT Breached by ShinyHunters — 5.5 Million Customers Exposed
Home security giant ADT has confirmed a data breach affecting 5.5 million individuals, after the notorious ShinyHunters extortion group stole personal customer information earlier this month. The compromise was independently confirmed by breach notification service Have I Been Pwned (HIBP), which added the dataset to its database.
This continues ShinyHunters' pattern of high-profile corporate breaches in 2026, following similar attacks against Canada Goose, Telus Digital, Infinite Campus, and others earlier in the year.
What Was Stolen
ADT's breach notification and HIBP data confirm that the exposed records include a range of customer personal data:
| Data Category | Exposed |
|---|---|
| Full names | Yes |
| Email addresses | Yes |
| Phone numbers | Yes |
| Physical addresses | Yes |
| Account status information | Yes |
| Payment card details | Not confirmed |
| Passwords / credentials | Not confirmed |
The 5.5 million affected individuals include ADT residential security system customers across the United States.
ShinyHunters: Prolific Data Extortion Threat Actor
ShinyHunters is one of the most active data breach and extortion groups operating in 2025–2026. The group is known for:
- Targeting large enterprises with exposed API credentials or third-party integrations
- Extracting large customer databases and offering them for sale on criminal forums
- Publicly naming victims and threatening exposure if ransom demands are not met
- Operating under a "hack, extort, leak" model — different from encryption-focused ransomware groups
The group's 2026 victim list has grown significantly, with ADT joining a roster of high-profile breaches that together have exposed data on tens of millions of individuals.
Timeline
| Date | Event |
|---|---|
| Early April 2026 | ShinyHunters breaches ADT network |
| April 24, 2026 | ADT discloses breach to SEC; ShinyHunters posts leak threat |
| April 25, 2026 | ADT confirms customer data stolen |
| April 27, 2026 | HIBP adds 5.5M records; BleepingComputer reports full scope |
Impact Assessment
The ADT breach carries significant downstream risk for affected customers:
Phishing and Social Engineering
With names, emails, phone numbers, and addresses, threat actors can craft highly convincing phishing emails and vishing (voice phishing) calls. Callers or senders claiming to be ADT support with "urgent security alerts" should be treated with suspicion.
Physical Security Risk
ADT customers' home addresses, combined with their home security system enrollment status, could theoretically be used to identify properties protected by ADT — and by extension, the types of alarms and monitoring in place.
Identity Theft
The combination of names, emails, phone numbers, and addresses is sufficient for identity theft attempts, fraudulent account openings, and SIM-swap attacks.
What Affected Users Should Do
- Check Have I Been Pwned — visit haveibeenpwned.com and search your email address to confirm if you are in the dataset
- Be alert for phishing — do not trust unsolicited calls or emails claiming to be from ADT; contact ADT only through verified phone numbers or the official website
- Enable two-factor authentication on your ADT online account and any accounts sharing the same email
- Freeze your credit if you are concerned about identity theft — contact Equifax, Experian, and TransUnion
- Monitor financial accounts for unusual activity
- Watch for SIM-swap attempts — contact your mobile carrier to add a PIN or verbal password to your account
ADT's Response
ADT has stated that it is notifying affected customers directly and has taken steps to contain the breach. The company confirmed that the intrusion affected "certain corporate IT systems" but has not publicly detailed the attack vector.
As of April 27, 2026, ADT has not confirmed whether payment card data or credential hashes were included in the stolen dataset.
Key Takeaways
- 5.5 million ADT customers had personal information stolen by ShinyHunters in April 2026
- Have I Been Pwned has added the dataset — affected users can check their exposure now
- ShinyHunters continues a prolific 2026 run of high-profile data extortion attacks
- The breach exposes customers to phishing, vishing, and identity theft risks
- ADT customers should enable 2FA, monitor accounts, and be alert to social engineering