Our ADT "experience" was a comedy of errors...until it became, not so funny.

We moved into a house in October which had an extensive ADT system pre-installed. We contacted them, they sent out a sales guy, and we signed our contract...a 3 year deal with only 2 years enforced (and duly noted on the contract). Jim, our sales guy left us a copy of our contract and went on his merry way. A few days later, the installer came out to activate the system, replace batteries and make sure everything was working. Again, no issues.

So then it started. On January 20th, we received a letter from the postal service noting that a piece of mail had been found which had been opened. It was an original copy of our contract with our full address, all phone numbers, my credit card number, expiration date, signature, all information about our alarm set up AND the emergency password code...all in the clear for anyone's prying eyes to see.

Then the saga continued. My wife immediately contacted ADT and informed them of this breach of our security and changed the password code. Later that night, I received a call from an ADT rep saying 'the postal service notified them...' and I quickly corrected the guy on the phone that it was my wife who did notify them of what happened. He then asked if XYZ <our NEW password code> was the new password code or the old one. This is a COMPLETE violation of ADT security policy as well as any security company I have ever dealt with. They ALWAYS ask you for the code and verify the code is correct. They NEVER are supposed to tell you the code phrase.

After that, I mentioned, "Well you know my credit card number has been exposed too." To which the response was "there's nothing we can do about that, you need to call your credit card company." At which point I lost it...seriously lost it. I told the fella on the phone, obviously you do not understand the seriousness of this breach. I informed the guy on the phone that I wanted a call from a manager on this issue ASAP. Of course, that never happened.

The next phase of the 'experience' came when we tried to find someone, anyone, at ADT who would actually take this seriously and realize how gross this breach was. After upwards of 10 calls between my wife and I, I finally spoke with a guy named Cornell out of the Beaverton, Oregon office after attempts to speak with the regional customer service manager, Thomas Bennett, went un-answered.

I explained in detail the fact we had a copy of our contract, so there was no need to send a copy, especially a copy with all of our personal information in the clear. Cornell explained that this was clearly not a standard process or procedure within ADT and that if they ever sent information like that, it would be sent by a traceable means. I also explained how the person I spoke to on 1/20 TOLD me my password code and did not ask me for it. He stated that that was clearly not the right process and that he would have that researched and see that the person receive training on the proper processes so that it did not happen again. I again asked to have Mr. Bennett call me to discuss how all this had been handled and expressed how frustrated we were that a security company would allow breaches like this to occur. I also expressed my concerns for identity theft and that I was considering a discussion with my lawyer

Several days went by with no response or anything. Several calls and voicemails back to Cornell went un-answered. So on 2/3, I receive a call from a manager named Tim who informs me that Cornell asked him to look into my claim that I received a call from an ADT employee who did not ask me for my password code, but rather told me what my code was. Tim proceeds to tell me that he researched this and there was no recording of the call, so there was nothing they could do. Interestingly enough, my call with Tim was being recorded (the beeping on the line was the indicator). I asked Tim a few probing questions like, "you mean you cannot tell when someone accesses a person’s account?" The response was, not unless the person makes a change to the account. What??? You have got to be serious?? A security company that does not log who is accessing customer account data?? I informed Tim that I was an IT Director and KNOW that everything can and should be tracked, considering they are a publically traded company. Additionally, I suggested that they could check their phone records for the call to my number and find out who made the call. Tim seemed dis-interested in my suggestion and I again requested to speak with Mr. Bennett on these issues. I also called Cornell and left him a voicemail outlining my frustration and anger with how major security breaches like this just seem to be dismissed.

Several more days went by with no response. I called Cornell while on business travel and finally got him on the line. Cornell then proceeded to explain to me ADT’s positions on the matters I had raised. First, ADT claimed no responsibility for the ‘postal services mis-handling’ of the original contract copy they sent. Secondly, he explained that Tim was not able to track down anything on the person who called me since there was no recording of the call and there was no record of anyone accessing my account (supposedly). After Cornell stated his side, I re-enforced my position that the contract should have never been sent in the first place and that they could simply look at phone records to find out who called me. I also expressed dismay that Tim had told me that there was no way to track who accesses customer accounts. Cornell agreed that he would be concerned as well, since he is a customer of the security service. Cornell then explained that they had referred my case to their legal team, since I had indicated I was going to talk to my lawyer.

I then again expressed to Cornell that was still waiting for a call from Mr. Bennett on all of these issues and he assured me he would try to set something up for the following week. I also expressed to Cornell that I was trying to be reasonable about this whole thing and merely wanted ADT to accept responsibility for what they had done and provide me token compensation for the damage I had suffered through having to change all my credit card info, bill payments, etc.

Then, on Feb 18th, I finally receive a call from Mr. Bennett with Cornell and another person on the line. Mr. Bennett proceeds to merely state, “Cornell mentioned you wanted to speak with me.” Then there was silence. No nothing about trying to recap what he had been told, what the situation was, why I was so frustrated with ADT, no nothing, just silence. I stated, well, I expected Cornell had informed you of all of the issues, is that not the case. I again expressed my frustration with having to repeat, again and again, all of these issues to yet another person who seemingly had no interest in helping or doing the right thing.

Mr. Bennett then stated how they could not be liable for the postal service mis-handling the mail. I again expressed that the issue was not that it was mis-handled, but simply that it had been sent by an employee of theirs against their normal processes and procedures. Coincidentally, the employee no longer works for them. Mr. Bennett then stated, that the employee did not violate policy…which I corrected him and said, I never said policy, I said standard procedures and processes and that Cornell had been the one who stated that mailing the contract in such a manner was not a standard process. I then questioned why they could not track who called me that one night. Again, no answer. I provided them the time of the call, the date and the number which my home caller ID had shown and asked them to ‘figure it out.’ I then asked why I was told that access to customer account information was not tracked. Condescendingly, Mr. Bennett asked, “You seem to know a lot about our policies, have you read them?” I explained that I had not, but I know security requirements for publically traded companies, I know ISO requirements and that I have over 20 years in IT and IT security under my belt.

After that, I just cut to the chase and asked if he was aware at what I was requesting them to do to compensate me for all of my time I had to spend dealing with this whole issue. He mentioned that I wanted to be able to end my contract at any point in time with no termination fees or penalties. I replied, “And…” To which I received another condescending remark to which I replied, “and I do not want to pay for any more monitoring service until the contract runs out or I find another service in my area.” Interestingly enough, this was the same thing I told Cornell the last time I had spoken with him and his response was that that sounded reasonable and fair given the circumstances, but he could not commit to anything.

With that said, Mr. Bennett then asked me if I was happy with their monitoring services to which I responded, no I am not happy with any of your services and if I could find a replacement service in my area I would drop ADT like a hot rock. At that point, Mr. Bennett responded with, here is what I am going to do, since you are not happy with our service, I am going to contact our legal department and have them terminate our agreement with you since we do not want to do business with you under these circumstances. At which point, I uttered an explicative and hung up.

ADT has no concept of customer service and support. They obviously have no concept of following standard process and procedure. They obviously do not handle customer confidential information with proper due care, nor do they seem to have proper computer security, monitoring or audit trails available in the event of a security breach such as I have outlined here. They do have a crack staff at routing customers to voicemail, dead ends, people who do not care, making excuses, placing blame and avoiding accountability.

I will be writing a letters ‘up the chain’ and will be making this issue known to everyone I can, since a security company that does not take security breaches serious is a major issue. Where else I take this, I have not yet determined…to be continued.

On a side note, during this whole fiasco, in my work role, I had been tasked with securing 6 buildings, nationwide. I deliberately did not offer that information as leverage to my personal situation, but rather wanted to see if they would ‘do the right thing.’ That was answered very quickly and directly. ADT had an opportunity to right a really wrong situation and gain back a level of integrity and trust with me. Instead, they just cost themselves the opportunity at over $120K in installation business, plus ongoing security monitoring fees. I hope Mr. Bennett and his crew of head-nodding, excuse-making colleagues help explain that lost opportunity to the higher-ups there at ADT.