ADT Data Breach Following ShinyHunters Extortion Threat
ADT confirmed a data breach detected on April 20, 2026, after the ShinyHunters extortion group threatened to leak stolen records. The breach was attributed to a voice phishing (vishing) attack that compromised an employee's Okta single sign-on (SSO) account, used to access the company's Salesforce instance. Compromised information included names, phone numbers, and addresses, with a small percentage including dates of birth and partial SSNs. ShinyHunters claimed theft of more than 10 million records, and Have I Been Pwned later measured the exposed dataset at 5.5 million people.
Signal context
First seen: Apr 20, 2026
Last updated: Jul 3, 2026
Status: Public signal
Key points
- Data breach detected on April 20, 2026.
- ShinyHunters extortion group claimed responsibility.
- Breach caused by a vishing attack compromising an employee's Okta SSO account.
Signal analysis
BetaIt helps compare this signal with other published signals without treating the labels as final determinations.
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 1 signal in the same sector
- 88 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
ADT Salesforce Data Breach 2026: ShinyHunters Compromise Okta SSO via Vishing Attack - Sypher Newshttps://syphernews.com/adt-salesforce-data-breach-2026-shinyhunters-compromise-okta-sso-via-vishing-attack/Public source from syphernews.com.
ADT Data Breach - Have I Been Pwnedhttps://haveibeenpwned.com/PwnedWebsites#ADTPublic source from haveibeenpwned.com.
Top 10 Data Breaches of April 2026 - Strobes Securityhttps://www.strobes.co/blog/top-10-data-breaches-of-april-2026/Public source from strobes.co.
Top 10 Data Breaches of April 2026 - Strobes Securityhttps://www.strobes.co/blog/top-data-breaches-april-2026/Public source from strobes.co.
April 2026 Data Breaches: 15+ Major Incidents & Latest Updates - SharkStrikerhttps://sharkstriker.com/blog/april-2026-data-breaches/Public source from sharkstriker.com.
List of Recent Data Breaches in 2026 - Bright Defensehttps://www.brightdefense.com/resources/recent-data-breaches/Public source from brightdefense.com.
Top 10 Data Breaches of April 2026 - Strobes Securityhttps://strobes.co/blog/top-data-breaches-april-2026/Public source from strobes.co.
Hackers claim millions of records stolen in ADT breach - Help Net Securityhttps://www.helpnetsecurity.com/2026/04/27/adt-systems-data-breach/Public source from helpnetsecurity.com.
ADT Data Breach Exposes Sensitive Personal Information for 5.5M Accounts - Claim Depothttps://www.claimdepot.com/data-breach/adt-2026Public source from claimdepot.com.
ADT Breach Confirmed: Names, Phone Numbers, and Addresses Exposedhttps://www.securitymagazine.com/articles/102264-adt-breach-confirmed-names-phone-numbers-and-addresses-exposedPublic source from securitymagazine.com.
ADT Data Breach - Have I Been Pwnedhttps://haveibeenpwned.com/Breach/ADTPublic source from haveibeenpwned.com.
SecureFact - Cyber Security News - Week of April 20, 2026 - Mage Datahttps://magedata.ai/resources/securefact/2026-04-20/Public source from magedata.ai.
Related signals
Grouped by why the signal is relevant.
Xsolis Data Breach Exposes 1.4 Million Patient Records Across Eight Health Systems
A targeted phishing attack on healthcare AI company Xsolis exposed the data of at least 1.4 million patients across eight U.S. health systems, including Mayo Clinic. The breach, which occurred on January 20, 2026, was reported to HHS on June 5, and widely reported on July 2, 2026. Exposed data included Social Security numbers, health insurance details, and medical treatment records.
Peter Thiel's Dialog Society Data Leak Exposes Senior US Officials
A data exposure at Dialog, a private events group co-founded by Peter Thiel, unmasked personal information and login tokens for US and allied national security figures. The incident, which Dialog internally classified as a cyberattack but evidence suggests was a website misconfiguration, exposed private details of 222 registrants for its 2026 retreat, including names, private contact details, active login tokens, and internal ratings.
Healthcare AI Company Xsolis Suffers Data Breach Impacting 1.4 Million Individuals
Healthcare AI company Xsolis disclosed a data breach affecting nearly 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which gave attackers unauthorized access to files containing sensitive patient information. The compromised data potentially includes names, dates of birth, Social Security numbers, health insurance details, and medical treatment records. Xsolis confirmed the incident has been contained and is notifying affected individuals, offering free credit monitoring.
Whise.eu (European Real Estate CRM) Data Leak by ChimeraZ
The threat actor ChimeraZ claimed to have leaked a database from Whise, a Belgian CRM system for the real estate sector, on the dark web on June 23, 2026. The leaked data reportedly consists of 40.85 million records, approximately 15.8 GB of JSON files. Whise is a market leader in Belgium and also active in France.
Vienna Airport Targeted in APT73/Bashe Ransomware Attack
The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.
Meta Pauses AI Employee Monitoring Program After Internal Data Leak
Meta temporarily paused its internal AI training program, the Model Capability Initiative (MCI), on June 22, 2026, following a security incident that exposed sensitive employee data to broader internal access than intended. The program, launched in April 2026, collected data on employees' work activities, including keystrokes, mouse movements, conversations, transcripts, and performance-related information, to train AI models. The leak reportedly exposed private employee conversations, performance data, and transcriptions. Meta classified the incident as a SEV 2 and is investigating, stating that privacy safeguards were in place and no external breaches were indicated.
