In a class-action lawsuit filed in a Florida district court yesterday, plaintiffs allege they've been harmed after an ADT technician who'd installed indoor security camera systems at their households used the camera systems' remote access capabilities to spy on them over a seven-year period.
The two complaints, filed by law firm Edelson PC, represent hundreds of plaintiffs; both people who signed contracts with ADT for security cameras, as well as members of households who were present during the times the cameras were accessed but were not contract signatories.
In the case of those who signed contracts, plaintiff Shana Doty, a Texas resident, alleges she received a phone call in April 2020 that an ADT technician had granted himself remote access to the security camera he'd installed at her home and used it to watch herself, her husband and their young son. She was informed the spying had occurred on not only herself but to hundreds of others over a seven-year period via ADT's "Pulse" product, which allows users to check on their homes via live camera footage, lock or unlock doors, change the thermostat or turn on the lights, for example, via mobile app or web portal.
The complaint alleges it was the "large vulnerabilities in the ADT Pulse application" that "allowed any one of (the company's) technicians to grant themselves (or for them to grant anyone else for that matter) access to a customer's ADT Pulse application and control every aspect of the customers' home security systems ... ADT’s investigation revealed that at least one ADT employee in the Dallas-Fort Worth Texas area, named Telesforo Aviles, had access to more than 200 different customers’ ADT Pulse accounts for the last seven years."
ADT has confirmed allegations that the technician added his own personal email address to the affected customers' accounts, which allowed him remote access to the home using his own credentials. The company has also confirmed to The Privacy Advisor that the employee who accessed the home cameras using his own credentials was terminated "as soon as we discovered the improper behavior."
The second complaint, filed by plaintiff Alexia Preddy, represents household members who did not themselves sign a contract with ADT but were allegedly impacted by the spying. Preddy's mother was informed in April that the technician had accessed home security footage nearly 100 times during the years Alexia was a teenager.
But ADT is at fault, the complaint states, for failing to implement "adequate procedures" that would have prevented non-household members from adding their email addresses to customers' accounts, therefore granting them access.
In its filing, Edelson states on behalf of the plaintiffs that the "mental and emotional impact this revelation has had on every person receiving these calls from ADT is immeasurable," the court filing states. "Moments once believed to be private and inside the sanctity of the home are now voyeuristic entertainment for a third party. And worse, those moments could have been captured, shared with others, or even posted to the internet."
The complaint further alleges that upon realizing such remote access had occurred, ADT called affected customers and offered a confidentiality agreement in exchange for a monetary payment.
In a comment to The Privacy Advisor over the allegations, an ADT spokesperson said, "ADT reported to law enforcement in April that a former employee gained unauthorized access to the ADT accounts of 220 customers in the Dallas area. We took immediate action and put measures in place to prevent this from happening again. We deeply regret what happened to the 220 customers affected by this incident and have contacted them to help resolve their concerns. We are supporting law enforcement’s investigation of the former employee and are committed to helping bring justice to those impacted by his improper actions."
Asked why his firm — which tends to be selective in the privacy cases it picks up — chose to bring the class-action against ADT, Jay Edelson, the firm's founder, said, in fact, the firm is being very selective in the privacy cases it brings, especially given the current pandemic.
"This case resonated with us on both a legal and emotional level. People buy home security systems so that they can be safe. When our clients found out that they had been surreptitiously watched even in some of their most private moments, they were rightfully extremely upset about it," he said. "As technology moves forward and we adjust to a life that increasingly relies on products and services that have the ability to monitor us, it is vitally important that systems are in place so things like this never happen again."
Photo by Benedikt Geyer on Unsplash