iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Home and small business security provider ADT has disclosed that it suffered a second cyber attack in as many months.
In early August this year, ADT confirmed that unauthorised actors gained access to customer information, obtaining email addresses, phone numbers, and postal addresses, in a US Securities and Exchange Commission (SEC) filing.
The confirmation came as two users, netnsher and grimoire, on BreachedForums claimed responsibility for the attack, alleging to have exposed “over 30,812 records, including 30,400 unique emails”.
Now, in yet another 8-K filing with the SEC, the company said that it detected a threat actor on its systems that had gained access through stolen credentials, resulting in yet another data breach.
“[ADT] recently became aware of unauthorised activity on the company’s network and discovered an unauthorised actor had illegally accessed ADT’s network using compromised credentials obtained through a third-party business partner,” said the filing.
“The company promptly took steps to shut down the unauthorised access, notified the third party its systems had been compromised, launched an investigation, and implemented countermeasures intended to safeguard the company’s information technology assets and operations.”
ADT has also said it is working with federal law enforcement, third-party cyber experts, and the third-party partner from which the threat actor stole the credentials.
“The company believes the unauthorised actor exfiltrated certain encrypted internal ADT data associated with employee user accounts during the intrusion.
“Based on its investigation to date, the company does not believe customers’ personal information has been exfiltrated or that customers’ security systems have been compromised,” it said.
ADT added that in its effort to contain the breach and prevent further spread, some of its systems are experiencing disruptions and that its investigation is only in its early stages.
Unlike the previous ADT breach, no threat actor has claimed the attack, and the nature of the incident is currently unknown.
It is also unclear how many company employees were affected.
ADT does operate in Australia but is a separate entity and has separate processes, according to ADT Australia’s parent company, Intelligence Monitoring Group (IMG), speaking with Cyber Daily.
Be the first to hear the latest developments in the cyber industry.
