Home security organization ADT has confirmed it experienced a data breach following a detection of unauthorized activity. 

On Apr. 20, the organization discovered someone had accessed the data of customers and prospective customers. The company terminated the access and initiated an investigation, determining personal information had been stolen. 

The investigation found the compromised data was mostly limited to: 

• Names
• Phone numbers 
• Addresses 

However, in some instances, the following information was impacted as well: 

• Birth dates
• Tax IDs
• Last four digits of Social Security numbers 

The company found no instances in which payment information (such as bank accounts or credit cards) were accessed. Furthermore, the customer security systems were not affected. 

All affected individuals have been contacted at this time. 

ShinyHunters has claimed the attack, asserting they have stolen 10 million customer records. The group states they breached ADT via a voice phishing (vishing) campaign, taking advantage of an Okta single sign-on (SSO) account belonging to an employee. Leveraging the account, the group claims to have stolen the data from the organization’s Salesforce instance. 

ADT has not confirmed the amount of data stolen at this time.