There is a certain dark irony in having your home security company hacked.

ADT is one of the most recognizable names in home protection. They put stickers on windows. They sell the idea of safety. And in April 2026, a hacking group called ShinyHunters broke into their systems, grabbed data on 5.5 million customers, demanded a ransom ADT refused to pay — and then dumped the entire archive online for anyone to download.

If you are an ADT customer, or were at any point in the past several years, this article is for you.

What Happened

ADT first detected the breach on April 20, 2026. Four days later, the story went public — not because ADT announced it calmly through a press release, but because ShinyHunters had already started the clock.

The group posted a countdown on their dark web leak site: pay up by April 27, or the data goes public. ADT did not pay. On April 27, ShinyHunters released an 11 GB archive of stolen customer records.

Have I Been Pwned, the widely trusted breach notification service, confirmed 5.5 million unique email addresses in the dump.

How Did They Get In?

This is the part that should concern everyone, not just ADT customers.

ShinyHunters told reporters at BleepingComputer that they got into ADT by calling an employee and impersonating someone legitimate — a technique called vishing, or voice phishing. The employee was tricked into handing over credentials for their Okta SSO account (Okta is a single sign-on platform that lets employees log into many company systems with one set of credentials).

Once inside that one account, the attackers pivoted into ADT’s Salesforce environment — where customer data lives — and started pulling records.

That is the whole attack chain: one phone call, one duped employee, one Okta account, millions of records.

What Data Was Exposed?

According to ADT’s own disclosure, the breach exposed:

  • Email addresses (5.5 million of them)
  • Full names
  • Phone numbers
  • Physical home addresses
  • In a smaller percentage of cases: dates of birth and the last four digits of Social Security numbers or Tax IDs

ADT stressed that no financial information, credit card numbers, or banking data was included. They also said there is no evidence of alarm system data being compromised — so a hacker likely cannot use this breach to disable your alarm remotely.

But names, email addresses, phone numbers, and home addresses together are still a serious combination.

Why This Data Is Dangerous

You might be thinking: so my email and phone number leaked. That happens all the time. What’s the big deal?

The big deal is the combination of data, and who ADT’s customers are.

ADT sells home security. Their customer list is essentially a directory of people who:

  1. Have valuables worth protecting
  2. Have a home address that is now publicly linked to their name and contact info
  3. Have signaled, by being an ADT customer, that home security matters to them — meaning they may be anxious enough to respond to a scary phone call or email claiming their alarm account has been compromised

That last point matters enormously. Phishing and vishing attackers are going to use this data list to target ADT customers specifically, with fake alerts about “suspicious activity on your account,” requests to verify your identity, or prompts to reset your password via a malicious link.

If your data was in this breach, expect targeted follow-up attacks, not just spam.

What You Should Do Right Now

1. Check if you were in the breach. Go to haveibeenpwned.com and enter your email address. If you have ever used that email address with ADT, it will tell you if it appeared in this dump.

2. Change your ADT account password immediately. Even if ADT says passwords were not exposed, your login credentials could be guessable or reused from elsewhere. Use a strong, unique password.

3. Enable multi-factor authentication on your ADT account. If ADT offers MFA, turn it on. A password alone is not enough anymore.

4. Be extremely suspicious of any contact claiming to be from ADT. Phone calls, text messages, and emails about your “account” or “security system” should be treated as potential scams right now. Do not click links in emails. If you need to contact ADT, call the number on their official website — not a number from any email or text you received.

5. Watch for identity theft signs. If your date of birth or partial Social Security number was included, consider placing a fraud alert with the major credit bureaus (Equifax, Experian, TransUnion). You can do this for free.

6. Be alert to physical security implications. Your home address is now paired with your name in a public breach dump. That is uncomfortable. If you were already concerned about anyone having your address, you should know this list is accessible.

The Bigger Lesson: Vishing Is Getting More Common

ADT had the right tools — they used Okta, a reputable enterprise SSO platform. The problem was that attackers did not hack Okta. They called a human being and convinced that person to hand over access.

This is what makes vishing so effective. No software can fully stop a persuasive phone call. The only defense is training employees to be deeply skeptical of any unsolicited request for credentials — and to verify through a separate, confirmed channel before doing anything.

If you work anywhere that uses single sign-on accounts, this story is a reminder of what one successful vishing call can do. It is not an ADT problem. It is an everybody problem.

ShinyHunters: Who Are They?

ShinyHunters is a prolific cybercriminal group with a track record of high-profile breaches. They have previously claimed attacks on Ticketmaster, Snowflake-linked companies, and numerous others. Their model is straightforward: steal data, demand ransom, publish if unpaid. ADT is far from their first target.

The group has operated for several years and continues to be active despite law enforcement attention. Their name will likely appear in future breach headlines.

Final Thoughts

Getting hacked is embarrassing for any company. Getting hacked as a home security company is a particular kind of embarrassing. But for ADT’s 5.5 million affected customers, the embarrassment is beside the point.

What matters now is taking the steps above, staying vigilant for follow-up phishing attempts, and understanding that your information is out there in a dump that any criminal with internet access can download.

Check haveibeenpwned. Change your password. Turn on MFA. Be suspicious of anyone calling or emailing about your ADT account.

That’s the playbook. It is not glamorous, but it works.