ADT Reports Second Data Breach in Two Months Due to Stolen Credentials

Severity: Medium (Score: 51.9)

Sources: newsroom.adt.com, www.bleepingcomputer.com

Summary

ADT disclosed a cybersecurity incident on April 20, 2026, where unauthorized access was gained through stolen credentials from a third-party partner. The breach involved a limited set of customer and prospective customer data, including names, phone numbers, and addresses, with some cases also exposing dates of birth and the last four digits of Social Security numbers. Importantly, no payment information was accessed, and customer security systems remained unaffected. ADT's response included terminating the intrusion, launching a forensic investigation with third-party experts, and notifying law enforcement. This incident marks the second breach for ADT in two months, following a previous data leak of 30,800 customer records in August 2025. ADT has offered complimentary identity protection services to impacted individuals. The company is committed to enhancing its cybersecurity infrastructure to protect customer data. Key Points: • ADT suffered a second data breach in two months, affecting customer data. • The breach was caused by stolen credentials from a third-party partner. • No payment information was compromised, and ADT is offering identity protection services.

Key Entities

• Data Breach (attack_type)
• ADT (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)