Two class actions were filed against ADT Security over allegations that employees spied on customers. ADT is accused of “intentional and negligent tortious acts in providing security services to its customers with remote-viewing capabilities.” The first class action was filed on behalf of ADT customers, while the second class action is for minors and others living in the affected homes.
The complaint said in April 2020, “Shana Doty received a terrifying phone call from ADT: the technician who had worked on her indoor security camera system had granted himself remote access, and had used that access an unknown amount of times to spy on her, her husband, and her minor son in their most private moments.” Additionally, Alexia Preddy, the plaintiff in the other case and a minor at the time of the alleged negligence, received a similar call. However, they were not alone; the complaint alleged that hundreds of customers experienced a similar invasion of privacy over at least a seven year period.
They claim that “The ADT vulnerability allowed any one of its technicians to grant themselves (or for them to grant anyone else for that matter) access to a customer’s ADT Pulse application and control every aspect of the customers’ home security systems including surreptitiously opening locks and viewing security camera footage.” However, “[i]n a frantic effort to mitigate and hide its actions, ADT began a campaign to call all affected account holders and secure a release and confidentiality agreement in exchange for a monetary payment representing a fraction of the value of their claims.”
ADT Pulse allows consumers to “check on your home – even if you’re away” via remote access to home security. Consumers can “arm and disarm their home security systems, remotely lock and unlock doors, view live camera footage, and control various smart home devices like a thermostat and lights.” Anyone with valid login credentials could log into the ADT Pulse portal.
According to the complaint, ADT knows of at least one employee, Telesforo Aviles, that accessed more than 200 different accounts over the last seven years; the technician also added his own email address and credentials to allow him to remotely login to customers’ accounts. The plaintiffs said this occurred because ADT failed to implement adequate security and safety features that prevented anyone but the account holder and other household members from adding email addresses and accessing the account. added. They added that “this breach came to light only by luck and happenstance: a customer, reporting a technical issue, inadvertently revealed the unwanted third-party access.”
ADT is accused of breach of contract; negligence; intrusion upon seclusion; Computer Fraud and Abuse Act violations; negligent hiring, supervision and retention; and intentional infliction of emotional distress.
The plaintiffs have sought to certify the class actions and for each plaintiff and counsel to represent their respective classes, declaratory judgment, award for damages, pre- and post-judgment interest, award for expenses and fees, and other relief as determined by the court.
The cases were filed in the Southern District of Florida. Plaintiffs are represented by Kelley Uustal; Edelson; Fears Nachawati; and Carter Law Group.