ADT Data Breach Class Action Lawsuit (2026)
Data Breach · Lawsuit Filed

ADT Data Breach Class Action Lawsuit Over 2026 ShinyHunters Cyberattack

Published July 6, 2026

If you got a breach notice from ADT, this is the lawsuit behind it — and the honest scope: ADT confirmed names and contact details for millions, with partial Social Security data for a smaller group. Nothing to claim yet.

A conceptual data-breach image, illustrating the ADT data breach class action lawsuit over the 2026 ShinyHunters cyberattack
A proposed class action alleges ADT failed to secure customer data in a 2026 cyberattack claimed by the ShinyHunters group.
Allegations Only · No Settlement Yet

This article describes a class action complaint. The statements below are unproven allegations, and figures attributed to the attacker are unverified. ADT Inc. has not been found liable, there is no certified class, and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

ADT, one of the largest home-security companies in the United States, is facing a proposed class action after a 2026 cyberattack exposed customer information. The suit is captioned James v. ADT Inc. and was filed on May 12, 2026 in Florida federal court.

According to reporting on the incident, attackers gained access to ADT's systems around April 20, 2026 using an employee's login credentials obtained through a voice-phishing (vishing) scheme, then exfiltrated customer data. The well-known extortion group ShinyHunters claimed responsibility. ADT has not been found liable, and the allegations in the complaint remain unproven.

Status Complaint Filed Proposed class action · James v. ADT Inc. · S.D. Fla. · Filed May 12, 2026
Data Exposed (ADT-confirmed) Names, phone, address, email · some DOB + last-4 SSN/Tax ID ADT said no full payment-card details or account credentials were accessed · ShinyHunters claimed 10M+ records (unverified); HIBP found ~5.5M emails
Can I Claim? No — nothing to claim yet No settlement, no fund, no claim form at this stage

What Was Exposed

The clearest picture of the breach comes from ADT itself. According to reporting on the company's disclosures, the exposed information included customer names, phone numbers, physical addresses, and email addresses. In a smaller share of cases, the data also included dates of birth and the last four digits of Social Security numbers or tax IDs. ADT stated that full payment-card details and account credentials were not accessed.

The scale is where the confirmed figure and the attacker's claim diverge. ShinyHunters claimed to have stolen more than 10 million records — but that is the attacker's unverified claim. An independent review by the breach-notification service Have I Been Pwned identified about 5.5 million unique email addresses in the leaked data. Following OCA's practice, we lead with the company-confirmed categories and the independent count, and treat the 10-million figure as an unverified extortion claim.

What the Lawsuit Alleges

The complaint alleges ADT failed to implement reasonable and industry-standard data-security measures to protect the personal information it collected. Among other things, it alleges ADT stored customer data unencrypted on internet-accessible systems, failed to guard against a foreseeable social-engineering attack, and did not prevent or promptly disclose the breach. The plaintiffs seek to represent a class of affected ADT customers and bring the negligence, breach-of-implied-contract, and related claims typical of data-breach litigation.

As with any complaint, these are allegations only. ADT has not been found liable, no class has been certified, and the company may dispute both the legal claims and the attacker's characterization of the stolen data.

Is There an ADT Settlement Yet?

No. This is a lawsuit, not a settlement.

That means there is no settlement fund, no claim form, no payout, and no deadline to act — and customers do not need to do anything in the lawsuit at this stage. The filing of a complaint is the start of a case, not the end. If the case is ever resolved through a settlement, or a class is certified, a formal claims process with its own eligibility rules and deadlines would be announced separately, and OpenClassActions.com would cover it.

What ADT Customers Can Do Now

• Watch for an official breach notice from ADT and read what it says was exposed for you specifically.
• Be alert to phishing calls, texts, and emails that reference your ADT account — the attack itself started with social engineering.
• If partial Social Security or tax-ID data was involved for you, consider a fraud alert or a free credit freeze.
• Monitor your financial accounts and keep any notice you receive in case a settlement later opens a claims process.

These steps are free and do not depend on the lawsuit. For open, claimable breach settlements, see OCA's data breach settlements tracker.

Frequently Asked Questions

Is there an ADT data breach settlement yet?

No. James v. ADT Inc. and related cases are proposed class actions, not settlements. There is no fund, no claim form, and no deadline. ADT has not been found liable.

What information was exposed?

ADT confirmed names, phone numbers, addresses and email addresses, and in a small percentage of cases dates of birth and the last four digits of Social Security numbers or tax IDs. ADT said full payment-card details and credentials were not accessed.

How many people were affected?

ShinyHunters claimed more than 10 million records, but that is the attacker's unverified claim. Have I Been Pwned identified about 5.5 million unique email addresses in the leaked data.

Do I need to file a claim?

No. Because this is a lawsuit and not a settlement, there is nothing to claim and no deadline. Keep any breach notice you receive. If a class is certified or a settlement is reached, a claims process and deadlines would be announced separately.

Sources

• Bloomberg Law — "ADT Sued Over Data Breach Affecting More Than 5 Million Accounts": Bloomberg Law
• Have I Been Pwned — ADT breach record (unique email count): Have I Been Pwned
• U.S. District Court, Southern District of Florida — docket for James v. ADT Inc. (filed May 12, 2026), via CourtListener: CourtListener Docket Search


For more class actions keep scrolling below.
Status Complaint Filed — Proposed Class Action
Case Title James v. ADT Inc.
Court U.S. District Court, Southern District of Florida
Date Filed May 12, 2026
Incident ~April 20, 2026 · credentials via vishing · ShinyHunters claimed
Official Court Page CourtListener Docket

Related Data Breach Cases & Settlements