Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

ADT Inc. Unknown (2024) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

ADT Inc. · ADT

IndustrialsUSAIncident August 1, 2024Filed August 8, 2024

Impact score

Business continuity

—

Insurance involved

Not disclosed

Filing

8-K · 8.01

Breach taxonomy

UnknownData ExfilPersonal DataInfo Privacy Loss

Summary

ADT experienced a cybersecurity incident in which unauthorized actors illegally accessed databases containing customer order information. The company shut down the unauthorized access and engaged third-party cybersecurity experts. Attackers obtained limited customer information including email addresses, phone numbers, and postal addresses from a small percentage of ADT's subscriber base. Customer home security systems were not compromised and no credit card or banking information was obtained. Filed under Item 8.01; company determined the incident was not material.

Tagging rationale

ThreatUnknown

Filing refers to 'unauthorized actors' without attributing to a specific actor category → UNKNOWN.

MethodsData Exfil

Unauthorized actors gained access to customer databases and actively exfiltrated customer contact information → DATA-EXFIL.

AssetsPersonal Data

Attackers accessed databases containing customer order information and obtained email addresses, phone numbers, and postal addresses → PERSONAL-DATA.

EffectsInfo Privacy Loss

Customer personal contact information (email, phone, address) was exfiltrated; no operational disruption or financial fraud → INFO-PRIVACY-LOSS.

Impact

Limited customer PII (email, phone, address) from a small percentage of ADT's subscriber base; no financial data, no system compromise, non-material per company → score 2.

InsuranceNot disclosed

Filing makes no mention of insurance → null.

Read the original SEC filing excerpt

Item 8.01 Other Information. ADT Inc. (ADT or the Company) recently experienced a cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information. After becoming aware of the incident, the Company promptly took steps to shut down the unauthorized access and launched an investigation, partnering with leading third-party cybersecurity industry experts. The attackers nonetheless obtained some limited customer information, including email addresses, phone numbers and postal addresses. Based on its investigation to date, the Company has no reason to believe that customers' home security systems were compromised during this incident. Additionally, the Company has no reason to believe the attackers obtained other personally sensitive information such as credit card data or banking information. The Company is continuing its investigation into this cybersecurity incident and has notified the customers it believes to have been affected, who comprise a small percentage of the Company's overall subscriber base.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Industrials

Unknown · April 20, 2026

ADT Inc.

ADT became aware on April 20, 2026 of unauthorized access to certain cloud-based environments. The company terminated the access, activated …

Unknown · March 11, 2026

Trio-Tech International, Inc.

On March 11, 2026, a Singapore-based subsidiary of Trio-Tech International experienced a ransomware attack that encrypted files on the compa…

Unknown · February 14, 2026

UFP Technologies, Inc.

On or about February 14, 2026, UFP Technologies detected unauthorized access to its IT systems, affecting billing and label-making functions…

Unknown · September 19, 2025

RTX Corporation

On September 19, 2025, RTX Corporation identified a ransomware incident on systems supporting its Multi-User System Environment (MUSE) passe…