Security alarm companies now routinely offer consumers various types of remote interactive services in addition to traditional home monitoring. Such interactive features not only include the ability for customers to arm and disarm their system, but also to remotely lock and unlock doors, view live security camera feeds and control smart home devices like thermostats and light fixtures, through either a mobile application or web browser portal.
A flurry of recent cases show, however, that these offerings are not without risk. In April, 2020, a customer of ADT Security Services (ADT) discovered an unauthorized email account on their account. An internal investigation revealed that a technician who had worked for ADT for more than seven years had routinely added his personal email account to customers' ADT Pulse accounts and gave himself real-time access to the video feeds from their homes. The technician, who pleaded guilty to hacking home security footage in January 2021, accessed roughly 200 customer accounts more than 9,600 times without their consent.
As a result of this incident, several lawsuits have been filed both on behalf of ADT customers and minors and others living inside the impacted homes. The lawsuits allege that ADT marketed its camera systems as a way for parents to check in on kids and pets with live streaming video, yet failed to implement standard safeguards like dual authentication or text alerts when parties access the accounts. The most recent lawsuit, Doty v. ADT, LLC d/b/a ADT Security Services, No. 21-cv-80645, was filed on April 2, 2021 in federal court in the Southern District of Florida, and asserts claims for negligence, intrusion upon seclusion, negligent hiring, intentional infliction of emotional distress and privacy monitoring.
The lawsuits against ADT are part of a larger trend of privacy class actions against companies. In late 2019, after consumers reported that their Ring camera systems were hacked and compromised, a series of class action lawsuits were filed against Ring LLC and Amazon.com alleging that Ring failed to implement basic security features and that the consumers' privacy was invaded. Those lawsuits remain pending.
Not only do these lawsuits pose a public relations challenge, they can cause significant reputational damage to a company named in a lawsuit. They also may result in large damage awards, which are often based on the alleged loss of the intrinsic value of privacy. These lawsuits also demonstrate the critical role of cybersecurity in supporting remote home monitoring – not only do alarm companies need to stay at least one step ahead of any potential hackers, they need to remain vigilant in ensuring that their customers remain protected.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.