Item 8.01 | Other Information. |
ADT Inc. (“ADT” or the “Company”) recently became aware of unauthorized activity on the Company’s network, and discovered an unauthorized actor had illegally accessed ADT’s network using compromised credentials obtained through a third-party business partner.
The Company promptly took steps to shut down the unauthorized access, notified the third party its systems had been compromised, launched an investigation, and implemented counter measures intended to safeguard the Company’s information technology assets and operations. ADT has hired leading third-party cybersecurity experts to assist with the Company’s response to the incident, and is working closely with federal law enforcement. The Company is also cooperating closely with its third-party business partner to address the incident.
The Company believes the unauthorized actor exfiltrated certain encrypted internal ADT data associated with employee user accounts during the intrusion. Based on its investigation to date, the Company does not believe customers’ personal information has been exfiltrated, or that customers’ security systems have been compromised. ADT’s containment measures have resulted in some disruptions to the Company’s information systems, and the Company’s investigation is at an early stage and ongoing.
Forward Looking Statements
ADT has made statements in this filing that are forward-looking and therefore subject to risks and uncertainties, including those described below. All statements, other than statements of historical fact, included in this document are, or could be, “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995 and the applicable rules and regulations of the Securities and Exchange Commission (the “SEC”) and are made in reliance on the safe harbor protections provided thereunder. These forward-looking statements relate to, among other things, the impact from the cybersecurity incident, the scope of the investigation and the Company’s plans, objectives, projections and expectations relating to the Company’s operations or financial condition, and assumptions related thereto. Without limiting the generality of the preceding sentences, any time we use the words “ongoing,” “expects,” “intends,” “will,” “anticipates,” “believes,” “confident,” “continue,” “propose,” “seeks,” “could,” “may,” “should,” “estimates,” “forecasts,” “might,” “goals,” “objectives,” “targets,” “planned,” “projects,” and, in each case, their negative or other various or comparable terminology, and similar expressions, we intend to clearly express that the information deals with possible future events and is forward-looking in nature. However, the absence of these words or similar expressions does not mean that a statement is not forward-looking. These forward-looking statements are based on management’s current beliefs and assumptions and on information currently available to management. We caution that these statements are subject to risks and uncertainties, many of which are outside of our control and could cause future events or results to be materially different from those stated or implied in this filing, including, among others, the Company’s ongoing assessment of the impacts of the cybersecurity incident; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the Company’s ability to coordinate effectively with its third party business partner to address the cybersecurity incident; the impact of the cybersecurity incident on the Company’s