Did the recent ADT network breach leave you feeling less secure? Knowing the causes of this incident could help you narrow down the best proactive steps to safeguard your establishment.
Breaking Down the Case
ADT is a trusted name in alarm systems for homes and small businesses. On October 7, its representative informed the Securities and Exchange Commission (SEC) that it suffered a cybersecurity breach. The threat actor exfiltrated encrypted internal data associated with employee user accounts. Â
Hackers accessed their systems through compromised credentials obtained through a third-party business partner. They already notified this associate to contain the breach and minimize further damage.
It’s not an isolated case. There’s a growing trend of supply chain attacks across other industries. Criminals exploit the weaker links in a company’s network, such as outside partners and vendors. Similar cases like the SolarWinds breach only prove that third-party risk management is no longer optional but compulsory.
What Does This Mean for ADT’s Clients?
If your premises use ADT for security, there’s no need to panic. In their own words, “The company does not believe customers’ personal information has been exfiltrated, or that customers’ security systems have been compromised.”
This particular ADT cyberattack only targeted internal accounts and didn’t impact customer systems.
Current Containment Efforts
ADT swiftly protected its assets, but the process disrupted some internal systems. Shutting down parts of an information network to limit the spread of an attack is a fairly common practice.
They didn’t provide specifics, but they mentioned temporary operational challenges, such as limited access to certain data and internal applications.
ADT continues to work with its unnamed business partner and federal law enforcement in its investigation.
Not the First ADT Hacking Incident
ADT confirmed another breach last August — and this one, unfortunately, involved customer data security.
The company shared that threat actors leaked stolen data on a hacking forum. ADT also filed a Form 8-K with the SEC. It disclosed that unauthorized individuals accessed several databases containing 30,812 records.
They contained:
- Emails addresses
- Full physical addresses
- Phone numbers
- Products bought
Despite the nature of the ADT security breach, the company mentioned that it has no reason to believe that clients’ security systems became compromised.
Protecting Your Business
Why wait for something bad to happen? Stay proactive and incorporate these simple cybersecurity measures:
- Check with your vendor: Follow the service provider's updates and advice. They’re your first point of contact for network vulnerability concerns.
- Keep all software up-to-date: Most systems today have automated patches, but ensure you enable them.
- Update your password: Make stolen passwords useless by changing them regularly. Choose something strong and unique each time, or let a password manager pick one.
- Set up identity monitoring: Get a service that helps catch unauthorized activity fast to protect yourself.
- Enable two-factor authentication (2FA): The company’s mobile app and portal login have this feature — use it. The latest ADT network breach highlights the need.