Electronic surveillance equipment provider ADT filed a form 8-K with the Security and Exchange Commision (SEC) to report âa cybersecurity incident during which unauthorized actors illegally accessed certain databases containing ADT customer order information.â
An 8-K is a report of unscheduled material events or corporate changes at a company that could be of importance to the shareholders or the Securities and Exchange Commission (SEC).
ADT filed the 8-K on August 7, adding that the incident happened ârecently,â but refraining from providing an exact date. The company also did not provide an exact number of victimsâonly that the victims were personally notified about the breach.
Away from ADT’s official disclosures, on July 31, a cybercriminal with the handle ânetnsherâ announced the leak of a database purportedly belonging to ADT. According to the cybercriminal’s post:
“The infamous security company ADT with $5B revenue suffered a databreach exposing over 30,812 records including 30,400 unique emails, the records contain: CustomerEmail, Full address, User ID, Products bought, etcâŠ.”
According to ADT, the stolen data included:
- Email addresses
- Phone numbers
- Home addresses
The company also added that:
âBased on its investigation to date, the Company has no reason to believe that customersâ home security systems were compromised during this incident.â
The leak announcement by netnsher promises 30,812 records including 30,400 unique email addresses and âProducts bought.â
Although ADT does not believe the attackers stole customers’ credit card data or banking information, that last addition might make the database valuable for burglars. But phishing operations might also use the information to their advantage.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
- Check the vendorâs advice. Every breach is different, so check with the vendor to find out whatâs happened, and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you donât use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device canât be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. Itâs definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (itâs best to give the one you most frequently use) to our free Digital Footprint scan and weâll give you a report and recommendations.
Let’s face it, an incognito window can only do so much.
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance.
