[German]It's an unpleasant story involving a company for automation solutions and home security solutions. The US company ADT has reported a security breach to the US authorities. An attacker was able to gain access to ADT systems via third parties and access them, as well as tapping into employees' account data.
Advertising
Who is ADT?
ADT is a listed American company that specializes in security and smart home solutions for private customers and small businesses. However, they are also active in the commercial sector. The company employs over 14,000 people and has an annual turnover of 4.98 billion US dollars.
The company's US website is currently unavailable and the above Access Denied message is displayed.
Report of a cyber incident
Last night I came across the following tweet from my colleagues at Bleeping Computer. They report that the US company ADT has now had to report its second hack in two months. The company was hacked via stolen access data.
Advertising
The security company ADT has announced the security incident or cyber attack itself. As a listed company, ADT is required to make such a disclosure to the US Securities and Exchange Commission (SEC). The corresponding Form 8-K was received by the SEC yesterday, Monday evening, October 7, 2024.
In the form, the company states that ADT Inc. "recently" became aware of unauthorized activity on its network. Upon further investigation, it was discovered that an unauthorized actor had accessed the company's network. The attacker was using compromised credentials obtained (stolen) from a third party business partner.
In its announcement, the company assumes that the unauthorized actor exfiltrated certain encrypted internal ADT data associated with employee user accounts during the intrusion.
Based on the investigation to date, the company does not believe that any customer personal information was exfiltrated or that any customer security systems were compromised. We will have to wait and see whether this statement holds up.
The company claims to have taken immediate steps to prevent unauthorized access. Due to these measures, there are some interruptions in the company's information systems, which also explains the above-mentioned website outage.
According to ADT, the investigation into the company's IT is at an early stage and has not yet been completed. The third party has been informed that their systems have been compromised. An investigation has also been initiated there and countermeasures have been taken.
ADT says it has engaged leading outside cybersecurity experts to assist the company in responding to the incident and is working closely with federal law enforcement agencies. The company is also working closely with its external business partner to remediate the incident.
Advertising
