Security firm ADT announces breach of customer data

Electronic surveillance equipment supplier ADT has filed a Form 8-K with the Security and Exchange Commission (SEC) to report “a cybersecurity incident in which unauthorized actors illegally accessed certain databases containing ADT customer order information.”

An 8-K is a report about unanticipated material events or business changes within a company that could be material to shareholders or the Securities and Exchange Commission (SEC).

ADT filed the 8-K on Aug. 7, adding that the incident occurred “recently,” but without providing a specific date. The company also did not provide an exact number of victims, only saying that victims had been personally notified of the breach.

Aside from ADT’s official disclosures, on July 31, a cybercriminal using the pseudonym “netnsher” announced the leak of a database that allegedly belongs to ADT. According to the cybercriminal’s message:

The infamous $5 billion security company ADT suffered a data breach that exposed over 30,812 records, including 30,400 unique emails. The records include: customer email, full address, user ID, products purchased, etc. — Publication announcing a database leak

“The infamous $5 billion security company ADT suffered a data breach that exposed over 30,812 records, including 30,400 unique emails. The records include: customer email address, full address, user ID, products purchased, etc.”

According to ADT, the stolen data included:

Email addresses
Phone numbers
Personal addresses

The company also added that:

“Based on its investigation to date, the Company has no reason to believe that customers’ home security systems were compromised in this incident.”

Netnsher’s leaked ad promises 30,812 records, including 30,400 unique email addresses and “purchased products.”

While ADT doesn’t believe the hackers stole customers’ credit card data or banking information, the latest addition could make the database valuable to burglars. But phishing operations could also use the information to their advantage.

Protecting yourself after a data breach

There are certain steps you can take if you are, or think you have been, the victim of a data breach.

Check the seller’s advice. Every breach is different, so check with the provider to find out what happened and follow any specific advice they offer.
Change your password. You can make a stolen password unusable to thieves by changing it. Choose a strong password that you won’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-enabled hardware key, laptop, or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cannot be phished.
Beware of fake sellers. Thieves may contact you by pretending to be the seller. Check the seller’s website to see if they contact victims, and verify the identity of anyone who contacts you using another communication channel.
Take your time. Phishing attacks often impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card detailsIt’s certainly more convenient to have sites remember your card details for you, but we strongly recommend that you don’t store this information on websites.
Configure identity monitoring. Identity monitoring alerts you if your personal information is found being illegally traded online and helps you recover after the fact.

Malwarebytes offers a free tool that lets you check how much of your personal data is exposed online. Submit your email address (it’s best to give the one you use most frequently) to our free digital footprint scan and we’ll provide you with a report and recommendations.

We don’t just report threats: we help you protect your entire digital identity.And

Cybersecurity risks should never be outside the headlines. Protect you and your family’s personal information using identity protection.