This week marked a significant escalation in North American identity threats as threat actors continued their calculated targeting of consumer accounts and personal data repositories. Multiple high-profile credential exposures affected millions of individuals, with attackers focusing on platforms holding the most valuable personal and financial information.

ADT Security Breach Exposes 5.5 Million Customer Records

Home security giant ADT suffered a data breach that appears to have exposed personally identifiable information pertaining to 5.5 million customers. ADT detected unauthorized access on April 20 and confirmed that the information involved was limited to names, phone numbers, and addresses. In a small percentage of cases, dates of birth and the last four digits of Social Security numbers or Tax IDs were included.

The ShinyHunters group told Bleeping Computer it breached ADT's Okta security software by socially engineering an employee. Using this account, the threat actors claimed they accessed and stole data from the company's Salesforce instance. ShinyHunters had posted a countdown on its dark web leak site: pay up by April 27 or the stolen data goes public. ADT didn't pay, and today, ShinyHunters dumped an 11GB archive of customer records.

ShinyHunters Ransomware Campaign Targets Major Brands

Vimeo has confirmed that hackers have stolen user and customer data following an attack involving a third-party vendor. ShinyHunters has taken credit for the Vimeo hack, claiming to have obtained data from the company's Snowflake and BigQuery instances. Data breach tracker Have I Been Pwned confirmed the breach on April 27, with 8.2 million unique email addresses included in the dump alongside names, phone numbers, and physical addresses affecting Pitney Bowes.

Prior to the announcement and SEC filing on April 18, 2026, the ShinyHunters data theft and extortion group claimed responsibility for the attack. The group claimed to have exfiltrated terabytes of Medtronic data, including personally identifiable information. The breach was added to Have I Been Pwned on April 17, 2026, after a dataset attributed to Amtrak appeared online. According to that listing, the dataset includes more than 2.1 million unique accounts. The exposed information listed by Have I Been Pwned includes email addresses, names, physical addresses and customer support records.

Citizens Bank Financial Data Exposure Confirmed

The deadline to enroll is April 30, 2027. Citizens Bank also recommended that affected customers close any compromised accounts and open new ones. The company stated that all costs associated with closing and reopening accounts will be waived. This financial exposure adds another layer of risk for consumers already dealing with widespread credential compromises across multiple platforms.

What Individuals Should Do This Week

Place fraud alerts immediately with all three credit bureaus if you are an ADT customer or have accounts with any of the affected companies. Check the free site Have I Been Pwned to see if your email address appears in the breach. Monitor your credit and consider placing a fraud alert with the three major credit bureaus – Equifax, Experian, and TransUnion – especially if you're an ADT customer exposed in the breach. Review all financial statements for unauthorized transactions and enable multi-factor authentication on all critical accounts.

What Businesses Should Do This Week

Review all third-party vendor access to cloud environments, particularly Salesforce and Okta integrations. ShinyHunters told Bleeping Computer it breached ADT's Okta security software by socially engineering an employee. Using this account, the threat actors claimed they accessed and stole data from the company's Salesforce instance. Implement additional verification protocols for IT help desk requests and conduct immediate security audits of cloud-based customer relationship management systems. Consider implementing zero-trust architecture for all external integrations.