Connor Hart reports:
ADT is working with third-party cybersecurity experts and federal law enforcement to address an incident in which an outside party had illegally accessed its network, obtaining encrypted employee data.
The Boca Raton, Fla., home-security company on Monday said that the outside party, which it called an unauthorized actor, was able to access its network using credentials obtained through a third-party business partner, according to a Securities and Exchange Commission filing.
Read more at Market Watch.
From their SEC filing:
ADT Inc. (“ADT” or the “Company”) recently became aware of unauthorized activity on the Company’s network, and discovered an unauthorized actor had illegally accessed ADT’s network using compromised credentials obtained through a third-party business partner.
The Company promptly took steps to shut down the unauthorized access, notified the third party its systems had been compromised, launched an investigation, and implemented counter measures intended to safeguard the Company’s information technology assets and operations. ADT has hired leading third-party cybersecurity experts to assist with the Company’s response to the incident, and is working closely with federal law enforcement. The Company is also cooperating closely with its third-party business partner to address the incident.
The Company believes the unauthorized actor exfiltrated certain encrypted internal ADT data associated with employee user accounts during the intrusion. Based on its investigation to date, the Company does not believe customers’ personal information has been exfiltrated, or that customers’ security systems have been compromised. ADT’s containment measures have resulted in some disruptions to the Company’s information systems, and the Company’s investigation is at an early stage and ongoing.