The worker was fired after an internal investigation revealed he had intermittent access to equipment, including cameras, for seven years.
Home security company ADT is alerting more than 200 of its customers in the Dallas-Fort Worth area that their accounts were compromised by a former employee who had unauthorized access to their security systems over the last several years.
According to a company spokesman, the Dallas-area technician added his personal email address to customers accounts during service visits. That gave him varying levels of access to their systems, including the video streams of security cameras.
The employee did not have access to financial information or Social Security numbers, the spokesman said. But he was able to operate within the company’s mobile app, which gave him access to the security systems.
“We deeply regret what happened,” said Jamie Haenggi, chief customer officer for ADT. “Customers trust ADT with their safety and security, and we understand that this jeopardizes that trust, and it is certainly and entirely unacceptable.”
The abuse was discovered in March after a DeSoto resident reported an unauthorized email address was associated with an account in the company’s app. ADT began an internal investigation and found the employee’s personal email address in 220 accounts.
The employee’s access was revoked immediately. ADT did not identify him but said he was fired as soon as the violations were discovered.
Dallas is one of ADT’s larger markets, according to the company, which has 6 million customers nationwide.
The company contacted DeSoto police after it wrapped up its investigation, the spokesman said.
Police also did not identify the employee or say whether he has been charged but asked any customers who think they were victims to contact ADT directly.
ADT said in a written statement that it is reviewing customer accounts to ensure more people’s privacy is not at risk.
The company said it has implemented procedures to prevent similar incidents. It has enhanced monitoring to identify unauthorized activity on accounts, Haenggi said. For example, ADT is sending notifications to customers when users are added to accounts.
Haenggi said the company isn’t sure what the employee did with his access and didn’t say whether he appeared to be targeting anyone in particular.
“The incident does not reflect the values or the ethics of our brand,” Haenggi said. “We are a company that, for 145 years, has stood for trust and security. These actions don’t reflect that brand nor the thousands of men and women who have dedicated their careers to helping protect others. We are truly just disappointed in what happened and very regretful for this experience for our customers.”