Latonia James has filed a class action lawsuit against ADT, accusing the home security and smart automation provider of failing to protect customer data after a hacker infiltrated its network on or about April 20, 2026. The suit says the breach exposed names, phone numbers, addresses, dates of birth, the last four digits of Social Security numbers and tax IDs.

The complaint says ADT kept personally identifiable information on systems it knew were vulnerable to cyberattack and did not use reasonable data security measures consistent with Federal Trade Commission guidelines. It also says the company failed to fully disclose the scope of the breach to affected people, regulators and the public.

ADT publicly acknowledged the breach and said it directly notified all impacted individuals. The company also said it would offer complimentary identity protection services. James, however, says that has not amounted to meaningful identity theft monitoring for her and many other proposed class members.

The lawsuit says the stolen data did not stay hidden for long. According to the complaint, a cybercriminal using the online moniker ShinyHunters posted on a dark web extortion site claiming to have stolen more than 10 million customer records. The post issued a “Pay or Leak” demand that ADT respond by April 27, 2026, and threatened additional “digital problems” if the company refused.

That sequence is at the center of the case now pending in the U.S. District Court for the Southern District of Florida, where James filed James v. ADT Inc., Case No. 9:26-cv-80546. Her lawyers, Nicholas A. Colella and Stephen E. Connolly of Lynch Carpenter LLP, are seeking at least 10 years of credit monitoring for all class members, along with damages and a declaratory judgment saying ADT continues to breach its legal duty to protect customer data.

The filing argues the fallout from a breach of this kind does not end when the password resets and notice letters go out. It says victims commonly face years of identity theft and financial fraud, and that “Plaintiff and class members are now at a significantly increased and certainly impending risk of fraud, identity theft, intrusion of their privacy and similar forms of criminal mischief, risks which may last for the rest of their lives.”

For ADT, the case now turns from a disclosure issue into a legal fight over what it knew, when it knew it, and whether the response matched the scale of the intrusion. For James and the people she wants to represent, the question is simpler: whether the company’s notice and identity protection offer came anywhere near enough after data tied to millions of customers was allegedly exposed.