HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

ADT faces data breach affecting 30,000

Written by Abby Grifno | Aug 15, 2024 1:05:27 PM

The home security firm has confirmed a breach of their internal systems.

 

What happened

ADT Inc, a Florida-based security, fire protection, and alarm monitoring company, recently faced a data breach. ADT serves businesses and homes, even offering email cybersecurity solutions designed to filter out phishing and spam attempts.  

The company filed a report with the United States Securities and Exchange Commission (SEC) on August 3rd.

ADT said that only a small amount of subscribers were impacted, and those patients have since been notified. According to a TechCrunch report, approximately 30,000 records were stolen. Records included phone numbers, physical addresses, and email addresses. Financial and other private information, like Social Security numbers, were not impacted. 

According to TechCrunch, the breach first came to light on July 31st, when a seller claimed to have the data on a cybercrime forum. 

 

What was said

In the SEC report, ADT stated that “Unauthorized actors illegally accessed certain databases containing ADT customer order information…After becoming aware of the incident, the company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts.” 

ADT added they have “no reason to believe that customers’ home security systems were compromised during this incident.” The company says it will be continuing to investigate the incident, but currently believes the attack has “not materially impacted its operations” or its financial status. 

 

Why it matters

The incident highlights how attackers do not always communicate with their victims. In this case, it appears that a malicious actor stole information and then immediately made efforts to sell or publish the data and may not have notified ADT of the attack. 

Details of the attack, such as how it occurred or what may have led to the vulnerability, have not yet been revealed. Often, organizations keep this information private to prevent an investigation from being hindered. 

For ADT, this isn’t the first time the company has experienced security issues. In 2021, a former technician confessed to viewing customer security cameras by adding his own email to customer accounts. 

 

The bottom line

While data breaches continue to increase, ADT has seemingly taken swift action to prevent downed operations and ensure data is secured. 

Nevertheless, it’s become common for organizations to face lawsuits after a breach. While a class action suit has not yet been filed, Top Class Actions has already begun discussing the possibility of a case, which could be filed if impacted individuals believe ADT was negligent in securing data.   

Related: HIPAA Compliant Email: The Definitive Guide.