Incident · Unknown

ADT Inc. · ADT

Industrials · USA · Incident August 1, 2024 · Filed August 8, 2024
Impact score
Business continuity
Insurance involved: Not disclosed
Filing: 8-K · 8.01

Breach taxonomy

Unknown · Data Exfil · Personal Data · Info Privacy Loss

Summary

ADT experienced a cybersecurity incident in which unauthorized actors illegally accessed databases containing customer order information. The company shut down the unauthorized access and engaged third-party cybersecurity experts. Attackers obtained limited customer information including email addresses, phone numbers, and postal addresses from a small percentage of ADT's subscriber base. Customer home security systems were not compromised and no credit card or banking information was obtained. Filed under Item 8.01; company determined the incident was not material.

Tagging rationale

Threat: Unknown

Filing refers to 'unauthorized actors' without attributing to a specific actor category → UNKNOWN.

Methods: Data Exfil

Unauthorized actors gained access to customer databases and actively exfiltrated customer contact information → DATA-EXFIL.

Assets: Personal Data

Attackers accessed databases containing customer order information and obtained email addresses, phone numbers, and postal addresses → PERSONAL-DATA.

Effects: Info Privacy Loss

Customer personal contact information (email, phone, address) was exfiltrated; no operational disruption or financial fraud → INFO-PRIVACY-LOSS.

Impact

Limited customer PII (email, phone, address) from a small percentage of ADT's subscriber base; no financial data, no system compromise, non-material per company → score 2.

Insurance: Not disclosed

Filing makes no mention of insurance → null.

Original SEC filing excerpt

Item 8.01 Other Information. ADT Inc. (ADT or the Company) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses. Based on its investigation to date, the Company has no reason to believe that customers' home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company's overall subscriber base.