Security firm ADT reports data breach linked to stolen credentials

October 9, 2024
ADT Security Solutions Cyberattack Hackers Stolen Data

ADT, a security and smart home solutions providing company, disclosed that it suffered a compromise in which the hackers acquired initial access to its systems through previously stolen credentials and exfiltrated employee account information.

In a FORM 8-K filing with the SEC earlier this week, the company explained that unauthorised individuals had taken the credentials from one of their third-party business partners. This stolen data allowed the hackers to infiltrate ADT’s systems.

In reaction to the attack, ADT halted unauthorised access and launched an investigation with third-party cybersecurity specialists. During its investigations, it was discovered that encrypted account data for employees was stolen in the hack.

According to the ADT 8-K filing, the company promptly took measures to disable unauthorised access, notified the third party that its systems had been compromised, launched an investigation, and implemented countermeasures to protect its information technology assets and operations.

The incident prompted the company to employ a third-party security provider they believe can help investigate it. Additionally, the corporation has notified and collaborated with the relevant law enforcement agencies to resolve the incident.

 

ADT suspected that the threat actors acquired initial access through exfiltrated internal information.

 

According to investigations, ADT believed the hackers exfiltrated some of its encrypted internal data linked to employee user accounts. Additionally, the company warns that its precautionary methods involve disrupting its IT systems to prevent the attack from spreading further.

However, deactivating these IT systems restricts lawful access to internal apps and data, causing temporary disruptions in corporate operations servers and workstations. Furthermore, the corporation claims its investigation has not identified evidence of a hack on its customers’ data or security systems.

As of now, ADT has not commented on any inquiry about the cybercriminal incident. On the other hand, no ransomware groups or other threat actors have taken responsibility for the attack.

This attack is the company’s second breach in under two months. In August, the business also disclosed a data breach incident in which a threat actor exposed about 30,000 client records on a hacking forum. The leaked data includes various information, such as customer emails, addresses, user IDs, and product purchases.

Potentially impacted individuals in both incidents should be wary of possible targeted attacks, such as phishing, since threat actors will likely use the exposed data for other malicious purposes.

About the author

Leave a Reply