Find notable cyber news and cases, enriched with sources, timelines, and signals.

ADT hit by data theft breach

Incident
First reported
Last updated
Happening score
H score 62
1 unique sources, 2 articles

Summary

Hide ▲

ADT confirmed a data breach after detecting unauthorized access to customer and prospective customer data on April 20, 2026, and the company said it terminated the intrusion and contacted affected people. The compromise matters because personal information was stolen, even though payment information and customer security systems were not affected.

Related Happenings

Charter Communications hit by network compromise linked to ShinyHunters

Incident
H score70 First: 26.05.2026 22:46 Last: 26.05.2026 22:46 Sources 1

About this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...

Latest development: 29.05.2026 11:29

Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.

Grafana Labs Says GitHub hit by cyberattack

Incident
H score70 First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

ShinyHunters data-theft extortion campaign targeting Salesforce customers

Campaign
H score83 First: 07.04.2026 22:39 Last: 07.04.2026 22:39 Sources 1

About this happening: The **ShinyHunters** extortion campaign is actively pressuring **numerous companies** with ransom demands tied to **stolen data**, increasing exposure for **Salesforce customers**...

Latest development: 11.05.2026 12:00

ShinyHunters' pay-or-leak campaign exposed data from Zara customers, with HaveIBeenPwned citing over 197,000 affected customers after an April 2026 incident that involved stolen Anodot authentication tokens reaching BigQuery and Snowflake, and the same operation later targeted Instructure's Canvas Learning Management System in late April 2026, affecting 8,809 users across 50 countries and aligning with other victims such as Vimeo, Rockstar Games and McGraw Hill.

Over a dozen companies data exposed after SaaS integration provider Snowflake breach

Data Leak
H score69 First: 07.04.2026 22:39 Last: 07.04.2026 22:39 Sources 1

About this happening: A stolen-token attack from a **SaaS integration provider breach** has led to data theft claims affecting **over a dozen companies**, creating immediate exposure and extortion risk...

Wynn Resorts hit by cyberattack

Incident
H score50 First: 24.02.2026 23:51 Last: 24.02.2026 23:51 Sources 1

About this happening: **Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...

Timeline

  1. 25.04.2026 01:53 1 articles · 2mo ago

    ADT detects unauthorized access to customer data

    Initial Disclosure

    ADT detected unauthorized access to customer and prospective customer data on April 20, 2026, terminated the intrusion, and launched an investigation into the scope of the compromise.

    Show sources
  2. 25.04.2026 01:53 2 articles · 2mo ago

    ADT confirms stolen personal data after ShinyHunters leak threat

    Victim Impact Update

    ADT confirmed that personal information was stolen from customer and prospective customer data, with the exposed data limited to names, phone numbers, and addresses and, in a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs. ADT said no payment information or customer security systems were affected, and it did not confirm ShinyHunters' claim of over 10M records, a ransom demand, or the alleged vishing compromise of an employee's Okta single sign-on (SSO) account leading to Salesforce access.

    Show sources