cyber Breach

ADT

May 11, 2023 1 min read
ADT

A former employee had gained unauthorized access to the accounts of 220 customers, all of them located in the Dallas area.

ADT was subjected to two lawsuits, both seeking class-action status.

The former ADT technician Telesforo Aviles installed indoor security cameras at homes across Dallas and added his personal email address to the accounts and could easily access the cameras and spy on customers.

He did this repeatedly over a period of seven years to hundreds of customers.

ADT was accused of failing to fix vulnerabilities in its ADT Pulse software, which the company relies on to access the security system, including cameras and smart locks, installed in each customer's home.

Source: https://uk.pcmag.com/home-security-cameras/127045/adt-technician-spied-on-customers-for-7-years

TPRM report: https://scoringcyber.rankiteo.com/company/adt

"id": "adt1956291222",
"linkid": "adt",
"type": "Data Leak",
"date": "05/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 220,
                        'industry': 'Security Services',
                        'location': 'Dallas',
                        'name': 'ADT',
                        'type': 'Company'}],
 'attack_vector': 'Insider Threat',
 'data_breach': {'number_of_records_exposed': 220,
                 'type_of_data_compromised': 'Customer Account Information, '
                                             'Video Feeds'},
 'description': 'A former ADT employee gained unauthorized access to the '
                'accounts of 220 customers in the Dallas area, using his '
                'personal email address to access indoor security cameras and '
                'spy on customers over a period of seven years.',
 'impact': {'customer_complaints': 'Two lawsuits seeking class-action status',
            'data_compromised': 'Customer Account Information, Video Feeds',
            'legal_liabilities': 'Two lawsuits seeking class-action status',
            'systems_affected': 'ADT Pulse Software, Security Cameras'},
 'initial_access_broker': {'entry_point': 'Insider Threat',
                           'reconnaissance_period': 'Seven Years'},
 'motivation': 'Unauthorized Surveillance',
 'post_incident_analysis': {'root_causes': 'Vulnerabilities in ADT Pulse '
                                           'Software'},
 'regulatory_compliance': {'legal_actions': 'Two lawsuits seeking class-action '
                                            'status'},
 'threat_actor': 'Telesforo Aviles',
 'title': 'Unauthorized Access to Customer Accounts by Former Employee',
 'type': 'Unauthorized Access',
 'vulnerability_exploited': 'ADT Pulse Software Vulnerabilities'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.