In April 2026, home security giant ADT confirmed that the hacking group ShinyHunters had breached its systems, exposing the personal data of approximately 5.5 million customers. The breach is especially unsettling because ADT is a company people trust to protect their homes — and the stolen data includes names, physical addresses, phone numbers, and email addresses. Here is what happened and what you should do right now to protect yourself.
What Happened in the ADT Breach?
ShinyHunters, one of the most prolific cybercriminal groups operating in 2026, gained access to ADT's systems through a voice phishing (vishing) attack that compromised an employee's Okta single sign-on account. Once inside, the attackers were able to access customer data stored in ADT's corporate systems.
ADT detected the breach on April 20, 2026, and later confirmed the incident publicly after ShinyHunters listed the company on its leak site as part of a "pay or leak" extortion attempt. According to Have I Been Pwned, the breach exposed 5.5 million unique email addresses. ShinyHunters claimed to have stolen over 10 million records, though ADT has not confirmed this higher figure.
What Data Was Exposed?
ADT confirmed that the following information was compromised:
- Full names
- Email addresses (5.5 million confirmed)
- Phone numbers
- Physical home addresses
- In a small percentage of cases: dates of birth and the last four digits of Social Security numbers or Tax IDs
Your home address is exposed
Because ADT is a home security provider, the breach specifically exposed customers' home addresses — the very locations they were paying ADT to protect. This makes the stolen data especially useful for targeted scams, burglary planning, or stalking.
Steps to Protect Yourself After the ADT Breach
1. Change Your ADT Account Password
If you have an ADT online account, change your password immediately. Use a strong, unique password that you do not reuse on any other site. Enable two-factor authentication if ADT offers it. For guidance, see our article on how to create a strong password.
2. Watch for Phishing Attempts
With your name, email, phone number, and home address in the hands of criminals, expect targeted phishing attempts. Be wary of:
- Emails or texts claiming to be from ADT about your account or security system
- Phone calls offering "security upgrades" or requesting account verification
- Physical mail disguised as official ADT correspondence
ADT will never ask for your password or payment information through unsolicited emails or phone calls.
3. Monitor Your Credit
If your date of birth and partial SSN were included in the breach, take extra precautions. Freeze your credit at Equifax, Experian, and TransUnion to prevent anyone from opening new accounts in your name. Also consider signing up for free credit monitoring through ADT's breach response or a service like PrivacyOn.
4. Check Have I Been Pwned
Visit haveibeenpwned.com and enter your email address to confirm whether it appeared in the ADT breach. The site will also show you any other breaches your email has been involved in, giving you a broader picture of your exposure.
5. Remove Your Personal Information From Data Brokers
The data stolen in this breach will almost certainly be sold, shared, or combined with information already available on data broker sites. Removing your information from people-search sites like Spokeo, Whitepages, and BeenVerified reduces what attackers can piece together about you.
6. Secure Your Home Security System
If you use ADT's smart home or security system features, review your connected devices and app permissions. Change any PINs or access codes associated with your ADT system. Ensure that your home WiFi network is also secured with a strong password.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanHow the ADT Breach Happened: Vishing Explained
The ADT breach started with a vishing (voice phishing) attack. An attacker called an ADT employee and impersonated a trusted party to trick them into providing their Okta SSO credentials. With those credentials, the attacker gained access to internal systems and customer data.
Vishing attacks have surged in 2026, partly because AI-powered voice cloning makes it easier to impersonate colleagues and authority figures convincingly. Organizations are targets, but individuals should also be on guard against similar phone-based scams.
Is ADT Offering Compensation or Credit Monitoring?
ADT has publicly acknowledged the breach and is working with law enforcement. Check your email for official communications from ADT about any credit monitoring or identity protection services being offered to affected customers. If you receive an offer, take advantage of it — but remain cautious about phishing emails disguised as breach notifications.
Frequently Asked Questions
Was my ADT security system compromised?
ADT has stated that the breach affected its corporate IT systems and customer data, not the operational technology that runs home security systems. However, you should still change any PINs and review your system settings as a precaution.
Should I cancel my ADT service?
That is a personal decision. The breach affected customer data, not the security hardware itself. If you stay with ADT, take the protective steps outlined above. If you switch providers, make sure your ADT account is properly closed and your data deletion is requested.
Protect Yourself With Continuous Monitoring
The ADT breach exposed home addresses, emails, and phone numbers for millions of customers. This data will circulate among criminals for years. PrivacyOn monitors data broker sites, the dark web, and public records to catch when your personal information surfaces and remove it before it can be used against you. With 24/7 monitoring and coverage of 100+ broker sites, PrivacyOn gives you the ongoing protection that a one-time breach notification cannot.