If you thought your data was safe in 2026, it is time to think again. The cybersecurity landscape has just been rocked by two massive back-to-back data breaches this April. Home security giant ADT and educational powerhouse McGraw Hill have both confirmed massive leaks, exposing the personal details, emails, and phone numbers of over 23 million individuals.
As these stolen datasets begin circulating on the dark web, cybercriminals are already launching targeted phishing and identity theft campaigns. Here is the full breakdown of what happened and how to verify if your identity is at risk.
The ADT Breach: A Masterclass in Social Engineering
In early April 2026, the notorious extortion group known as ShinyHunters successfully breached ADT’s internal systems. Rather than using complex zero-day malware, the attackers used vishing (voice phishing). By mimicking an IT support call, they tricked an employee into handing over their Okta Single Sign-On (SSO) credentials.
The result? The attackers gained access to over 10 million customer records. The stolen data includes names, physical addresses, phone numbers, and in some terrifying cases, the last four digits of Social Security Numbers (SSNs). Because phone numbers were leaked, victims are now at extreme risk of SIM-swapping attacks and SMS phishing scams.
McGraw Hill: The 13.5 Million Email Disaster
Just days after the ADT incident, educational publisher McGraw Hill suffered a monumental leak of its own. Unlike ADT, this wasn't a targeted extortion hack. It was caused by a simple yet devastating Salesforce misconfiguration.
This oversight left a massive CRM database completely exposed to the public internet, leaking 13.5 million unique email addresses alongside user names and contact details. When corporate giants fail to secure their cloud environments, it is the everyday users who pay the price.
Are You Part of the 23 Million? How to Check
With massive combo lists being updated daily, the window to protect your identity is closing fast. If you have ever been an ADT customer or used McGraw Hill's educational platforms, you must assume your data is compromised until proven otherwise.
Follow these immediate steps to secure your digital life:
- Visit our official Data Breach Security Checker.
- Enter your primary email address and your phone number into our secure search tool.
- Our system will cross-reference your details against the newly indexed ADT and McGraw Hill databases.
- If our tool flags your email as "Pwned," immediately change your passwords across all your critical accounts.
The Harsh Reality of 2026
The events of April 2026 prove a frightening reality: hackers no longer break in; they simply log in. Whether it's an employee falling for a vishing scam or an IT admin leaving a database open, your data is only as secure as the weakest link.
Stay vigilant. Protect yourself by shifting from SMS-based 2FA to an Authenticator App, and make it a weekly habit to run a free security check on your email. Don't let your personal information become just another statistic on the dark web.