Our Daily Breach 2024/10/09
ADT files 8-K disclosing a breach of employee data. The company goes on a journey believing that no client is impacted.
In an all too familiar story, security company American District Telegraph (ADT) submitted form 8-K to the Securities & Exchange Commission (SEC) disclosing that they discovered an unauthorized actor had illegally accessed their network using compromised credentials obtained through a third-party business partner.
Why is this interesting? We get it, companies get hacked.
Fair point intrusive thoughts, but this story is almost identical to yesterday's ODB, which involved another American security as a service company that filed a breach the same day.
What's interesting about this particular filing from ADT is that they did not specify a timeline of the incident and explicitly stated that the investigation is "early and ongoing" while somehow claiming the impact was limited. ADT believes that only employee data was compromised. One could believe in the benevolence / incompetence in the hackers. It is in this belief that we can frolic in the fields of the assumption that no one exploited these admin credentials to compromise customers personal information and/or their respective security systems.
While I am a huge fan of Journey, I don't necessarily agree with ADT that it Don't Stop Believin' is a viable policy when it comes to disclosing the impact of breaches to the public.
