Security provider ADT discloses second cybersecurity incident in two months

An unauthorized party stole encrypted internal data related to employee user accounts from home and small business security provider ADT, the company said Monday in a filing with the Securities and Exchange Commission.

The company detected the unauthorized access Oct. 2, according to the filing, and said the “unauthorized actor had illegally accessed ADT’s network using compromised credentials obtained through a third-party business partner.” 

The incident is the second cyberattack disclosed by the company in two months. In an Aug. 7 SEC filing, the company disclosed that during a “cybersecurity incident … unauthorized actors illegally accessed certain databases containing ADT customer order information” that included email addresses, phone numbers and postal addresses.

That incident did not include credit card data or banking information, the company said in the filing, nor was there any reason to believe that home security systems were compromised as a result of the incident.

A spokesperson for the Florida-based company told CyberScoop on Tuesday that the company is “investigating a cyberattack on our network,” and pointed to Monday’s SEC filing for any additional information. 

The spokesperson did not answer questions about whether the two incidents are distinct, or share any additional context around the nature or context associated with the third-party business partner.