Back to overview
Adt logo
adt.com
Adt
Confidence HighApr 20, 2026adt.com

ADT Data Breach Following ShinyHunters Extortion Threat

PatternExternal actor · Social · Confidentiality impact

ADT confirmed a data breach detected on April 20, 2026, after the ShinyHunters extortion group threatened to leak stolen records. The breach was attributed to a voice phishing (vishing) attack that compromised an employee's Okta single sign-on (SSO) account, used to access the company's Salesforce instance. Compromised information included names, phone numbers, and addresses, with a small percentage including dates of birth and partial SSNs. ShinyHunters claimed theft of more than 10 million records, and Have I Been Pwned later measured the exposed dataset at 5.5 million people.

Signal date
Apr 20, 2026
Updated
Jul 3, 2026
Confidence
High
Sources
12 sources

Signal context

First seen: Apr 20, 2026

Last updated: Jul 3, 2026

Status: Public signal

Key points

  • Data breach detected on April 20, 2026.
  • ShinyHunters extortion group claimed responsibility.
  • Breach caused by a vishing attack compromising an employee's Okta SSO account.

Signal analysis

Beta

It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Adt logo
Adt

Likely country: Location not provided

Threat source
Social, Error activity

The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.

  • Source type: outside the affected organization
  • Source type: possible insider or internal misuse
Business impact
Potential fraud or account takeover risk

Impact area: Confidentiality

Likely asset: User or customer data

Trend context
20 signals with similar action pattern
  • 1 signal in the same sector
  • 88 signals with the same likely impact area
  • 1 signal linked to this organization/domain
Mentioned entities
AdtData DisclosureExtortion Threat ADTShinyHuntersOktaSSOSalesforceCompromisedSSNs. ShinyHuntersHave I Been Pwned

External sources

Related signals

Grouped by why the signal is relevant.

xsolis.com logoXsolisJul 2, 2026
Same action patternSame impact area

Xsolis Data Breach Exposes 1.4 Million Patient Records Across Eight Health Systems

A targeted phishing attack on healthcare AI company Xsolis exposed the data of at least 1.4 million patients across eight U.S. health systems, including Mayo Clinic. The breach, which occurred on January 20, 2026, was reported to HHS on June 5, and widely reported on July 2, 2026. Exposed data included Social Security numbers, health insurance details, and medical treatment records.

dialog.org logoDialogJun 27, 2026
Same action patternSame impact area

Peter Thiel's Dialog Society Data Leak Exposes Senior US Officials

A data exposure at Dialog, a private events group co-founded by Peter Thiel, unmasked personal information and login tokens for US and allied national security figures. The incident, which Dialog internally classified as a cyberattack but evidence suggests was a website misconfiguration, exposed private details of 222 registrants for its 2026 retreat, including names, private contact details, active login tokens, and internal ratings.

xsolis.com logoXsolisJun 26, 2026
Same action patternSame impact area

Healthcare AI Company Xsolis Suffers Data Breach Impacting 1.4 Million Individuals

Healthcare AI company Xsolis disclosed a data breach affecting nearly 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which gave attackers unauthorized access to files containing sensitive patient information. The compromised data potentially includes names, dates of birth, Social Security numbers, health insurance details, and medical treatment records. Xsolis confirmed the incident has been contained and is notifying affected individuals, offering free credit monitoring.

whise.eu logoWhiseJun 23, 2026
Same action patternSame impact area

Whise.eu (European Real Estate CRM) Data Leak by ChimeraZ

The threat actor ChimeraZ claimed to have leaked a database from Whise, a Belgian CRM system for the real estate sector, on the dark web on June 23, 2026. The leaked data reportedly consists of 40.85 million records, approximately 15.8 GB of JSON files. Whise is a market leader in Belgium and also active in France.

viennaairport.com logoViennaairportJun 23, 2026
Same action patternSame impact area

Vienna Airport Targeted in APT73/Bashe Ransomware Attack

The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.

meta.com logoMetaJun 22, 2026
Same action patternSame impact area

Meta Pauses AI Employee Monitoring Program After Internal Data Leak

Meta temporarily paused its internal AI training program, the Model Capability Initiative (MCI), on June 22, 2026, following a security incident that exposed sensitive employee data to broader internal access than intended. The program, launched in April 2026, collected data on employees' work activities, including keystrokes, mouse movements, conversations, transcripts, and performance-related information, to train AI models. The leak reportedly exposed private employee conversations, performance data, and transcriptions. Meta classified the incident as a SEV 2 and is investigating, stating that privacy safeguards were in place and no external breaches were indicated.