ADT says customer data stolen in cyber intrusion(therecord.media)
38 pointsby PaulHoule7 hours ago3 comments
  • hbcondo7144 hours ago
    This article is from a couple weeks ago, the same day ADT submitted "Other Information" to the SEC about unauthorized access:

    https://www.sec.gov/Archives/edgar/data/1703056/000170305626...

  • gnabgib7 hours ago
    Again sigh

    2024 Home security giant ADT says it was hacked (34 points, 14 comments) https://news.ycombinator.com/item?id=41193157

    2021 Home Security Tech Hacked into Cameras to Watch People Undressing and Having Sex (32 points, 6 comments) https://news.ycombinator.com/item?id=25876366

    2015 How to Hack an ADT Alarm System (78 points, 68 comments) https://news.ycombinator.com/item?id=8947172

    • jwsteigerwalt5 hours ago
      It’s an overstatement to call the 2021 incident a “hack”.
      • readthenotes15 hours ago
        If we want to use the word hack as a general term to describe the exploitation of notoriously weak security, then it's appropriate...
    • SilverElfin7 hours ago
      There’s no real consequence for security breaches. No fine. No reimbursement to the victims. No jail time for the CEO and board.
      • ranger_danger5 hours ago
        Are there real consequences in any country?
        • buccal3 hours ago
          In EU:

          Violators of GDPR (personal data) may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

          Under NIS2 (cybersecurity), financial penalties may be up to either €10 million or 2% of the global yearly revenue, again, whichever is the greater amount.

        • smcin4 hours ago
          Yes. The 2018-9 breach and cyberextortion involving Finland's mental-health startup Vastaamo.

          - CEO Ville Tapio was convicted criminally under the GDPR.

          - The company failed in 2021.

          - Finland's NBI tightened criminal code on privacy violations of data subjects, either intentionally or through gross negligence, if they cause damage or significant inconvenience to the data subject.

          https://news.ycombinator.com/item?id=40210873

          • applfanboysbgon3 hours ago
            > The Helsinki Court of Appeal has overturned the criminal conviction of Ville Tapio, the former CEO of psychotherapy provider Vastaamo, in a case linked to one of Finland’s most serious data breaches. The court ruled on Thursday that Tapio was not criminally liable for alleged data protection failures related to the unauthorised access and publication of tens of thousands of patients’ sensitive information. Tapio had previously received a three-month suspended prison sentence from the District Court of Helsinki in spring 2023.

            No prison time, and the conviction was overturned. Your post rather got my hopes up when it suggested that a CEO faced consequences...

            • smcin2 hours ago
              They did: the Finnish CEO was criminally charged and convicted (under GDPR); that never happens in the US. (I wasn't aware it was overturned on appeal in 12/2025, neither is Wikipedia currently).

              They did face consequences. That ex-CEO (and CTO) also essentially had their reputations shredded, and their behavior was publicly scrutinized (have you ever seen the Comcast CEO grilled by Congress? I haven't). Sure, it would be better if they had actually gone to prison. But my point is GDPR has to teeth, unlike US state digital privacy laws.

              • applfanboysbgon13 minutes ago
                > have you ever seen the Comcast CEO grilled by Congress?

                I seem to recall some media circuses here and there about CEOs being subpoenad by Congress, for example Zuckerberg. I don't really consider that a consequence in any meaningful sense.

                Apparently the appeals court also released the hacker, even though his extortion led directly to the suicide of two people, and damage to thousands of others. Maybe the GDPR was meant to have teeth, but I can't help but wonder if the Helsinki Court of Appeals is for sale.

          • dylan6044 hours ago
            But now that it has happened once, will they ever do it again? A lot of innocent people lost their jobs because of not fault of their own. I'm putting this in the context of the NCAA punishment given to SMU frequently referred to as the death penalty. The NCAA has since said they would not do that again as there was a lot of unanticipated collateral damage from that punishment decision
  • ButlerianJihad3 hours ago
    ADT is the company that sells signs you put in your front yard to make burglars consider robbing your neighbors instead, right?