From 2013 to 2020, a former ADT technician named Telesforo Aviles accessed the security cameras of more than 220 customers across the Dallas-Fort Worth area without their knowledge or consent. Over approximately 4.5 years, he exploited a significant vulnerability in ADT’s system by adding his personal email address to customer accounts during service installations, then remotely viewed live video feeds through the ADT Pulse mobile app whenever he chose. This wasn’t a data breach affecting millions of people—it was a targeted, sustained invasion of privacy that allowed a single trusted employee to watch inside people’s homes, from their living rooms to their bedrooms, for years.
The incident sparked multiple class action lawsuits against ADT, with law firm Edelson PC representing hundreds of affected customers. While some victims received individual settlement offers ranging from $2,500 to $50,000 in exchange for confidentiality agreements, the broader class action litigation remains ongoing, with no comprehensive company-wide settlement amount publicly announced as of April 2026. The case highlights not just one man’s criminal behavior, but systemic security failures at a major home security company that should have prevented this kind of unauthorized access in the first place.
Table of Contents
- How the ADT Technician Gained Unauthorized Access to Customer Cameras
- The Security Vulnerabilities That Made This Possible
- The Criminal Case and What Happened to the Technician
- Settlement Amounts Offered to Affected Customers
- Class Action Litigation Status and Ongoing Challenges
- How to Determine If You Were an ADT Customer Affected by the Spying
- Preventing Future Incidents and Industry Changes
- Conclusion
How the ADT Technician Gained Unauthorized Access to Customer Cameras
Aviles’ method was disturbingly simple because ADT made it so. When he visited customer homes to install or service their security systems, he would add his own personal email address as an authorized user on their ADT account—ostensibly for legitimate service purposes. Once added, he could access those accounts remotely through the ADT Pulse mobile app, giving him the ability to view live video streams from customer cameras anytime he wanted. Over the course of his employment, Aviles accessed roughly 200 customer accounts more than 9,600 times, most of these accesses occurring after his regular work hours.
What makes this vulnerability so troubling is that it required no sophisticated hacking. ADT’s system allowed technicians to add email addresses to accounts with minimal restrictions, and customers had no automatic notification when this happened. A customer might never have known that Aviles had added himself to their account unless they happened to check their account settings. Compare this to modern financial apps, which notify you immediately when someone logs in from a new device—ADT had no equivalent protection. The company’s own internal controls should have flagged when a technician added personal credentials to hundreds of customer accounts, but this apparently didn’t happen until authorities investigated.
The Security Vulnerabilities That Made This Possible
ADT’s failure to implement basic security safeguards created the conditions for Aviles’ spying ring. The company lacked dual authentication (requiring two forms of verification before accessing an account), didn’t send notifications when new email addresses were added to accounts, and had no procedures preventing technicians from adding their personal email addresses to customer systems in the first place. These weren’t cutting-edge security features that only tech companies use—they were standard protective measures that should have been baseline expectations for a company managing home surveillance systems.
The vulnerability persisted for 4.5 years, from 2013 until April 2020 when ADT discovered the unauthorized access and terminated Aviles. That’s not a brief lapse or an oversight caught quickly—it’s years of preventable exposure that violated the most fundamental expectation customers have when they install a security system: that the company itself will protect their privacy. ADT later discovered that Aviles had accessed approximately 200 customer accounts, though the full scope of his actions may never be completely known. What customers viewed as a security upgrade to their homes—cameras meant to protect against strangers—had instead invited someone with system access into their private spaces.
The Criminal Case and What Happened to the Technician
Telesforo Aviles pleaded guilty to federal computer fraud charges related to his unauthorized access to customer accounts. U.S. District Judge Brantley Starr sentenced him for his crimes, marking one of the few clear-cut consequences in a case where the systemic failures belonged to the company. Aviles was terminated by ADT when the unauthorized access was discovered, but by then the damage was done—hundreds of families had been unknowingly watched in their homes.
The criminal case provided some measure of accountability for Aviles personally, but it did little to address the larger question of corporate responsibility. One person’s criminal behavior doesn’t excuse a company’s negligence in security design. A bank teller who embezzles money is prosecuted, but we also expect the bank to have internal controls to prevent it. ADT’s system made Aviles’ crimes not just possible, but easy, which is why the lawsuits against the company proceeded in parallel with his criminal prosecution. For customers, the criminal conviction was a minor consolation compared to the civil claims they pursued for the violation of their privacy and the failure of the company that was supposed to protect them.
Settlement Amounts Offered to Affected Customers
ADT offered individual settlements to affected customers ranging from $2,500 to $50,000 in exchange for confidentiality agreements. At least one customer reported receiving an initial offer of $2,500, which ADT increased to $50,000 after the customer refused the lower amount and reportedly sought legal counsel. The variation in settlement offers suggests that ADT may have evaluated individual cases based on factors like the duration of access, the type and number of cameras accessed, or the customer’s willingness to litigate, though the company has not publicly detailed its methodology.
These settlement amounts reflect ADT’s attempt to resolve individual claims while avoiding broader publicity and a comprehensive class-wide judgment. However, the confidentiality requirements attached to these settlements have limited the public’s understanding of how many customers actually accepted them, at what amounts, and what terms were included. For customers who didn’t accept individual settlements or who weren’t contacted with settlement offers, the class action litigation represents the path to potential compensation, though that process has taken years without reaching a final resolution. The lack of transparency around these individual settlements is itself a limitation—customers cannot easily learn from the experiences of others who faced the same violation.
Class Action Litigation Status and Ongoing Challenges
As of April 2026, multiple class action lawsuits filed by Edelson PC remain in litigation, with no comprehensive class-wide settlement amount announced. This means that hundreds of customers have been waiting for resolution for years, uncertain whether they’ll receive compensation, how much it might be, or when the lawsuits might conclude. Class actions involving privacy violations and emotional distress can take significantly longer to resolve than product liability claims or data breaches, partly because damages are harder to quantify and courts must balance the interests of large groups of affected individuals.
One major challenge in these cases is the confidentiality agreements that some customers already signed in exchange for individual settlements. These agreements can complicate class certification and broader settlement negotiations because they limit what information can be shared among plaintiffs and what the broader group can claim. Additionally, determining the appropriate class definition is legally complex—should it include all customers whose accounts were accessed, only those who discover they were accessed, or only those who can prove they suffered specific harm? These definitional battles can extend litigation timelines significantly. For customers still waiting for resolution, the absence of a final settlement deadline or court-ordered timeline has meant years of uncertainty, which is itself a cost of the case even before any money changes hands.
How to Determine If You Were an ADT Customer Affected by the Spying
If you were an ADT Pulse customer in the Dallas-Fort Worth area between 2013 and 2020, you may have been affected by Aviles’ unauthorized access. The most reliable way to find out is to contact ADT directly and ask whether your account was accessed without authorization during that time period. ADT should have records of which customer accounts Aviles accessed, and they have been communicating with known affected customers about the incident. Alternatively, if you were contacted by ADT about this incident or received a settlement offer, you were almost certainly among the affected customers.
Another indicator is whether you notice unusual login activity in your ADT account history, such as logins from unfamiliar locations or at odd hours when you weren’t home. However, many customers never checked their login history and may not have noticed anything amiss. If you believe you may have been affected, gathering documentation of your ADT service during that period (account statements, service records, installation dates) can help if you decide to pursue a claim. You can also contact the law firm handling the class action litigation directly for information about whether you qualify.
Preventing Future Incidents and Industry Changes
The ADT case has influenced how the security industry approaches customer protection. Since this incident, home security companies have begun implementing the safeguards that should have been standard from the beginning: mandatory notifications when new email addresses are added to accounts, dual authentication requirements, and audit logs of technician access. However, these changes came only after hundreds of customers were violated, demonstrating that regulatory pressure and lawsuit risk were necessary to drive even basic security improvements.
Looking forward, the home security industry faces continued scrutiny around technician access and surveillance oversight. Class action lawsuits like the ones against ADT serve as both a financial deterrent and a signal to companies that privacy failures will be litigated aggressively. However, the multi-year timeline of these cases—with no final resolution yet visible—also reveals a weakness: by the time a lawsuit reaches settlement or judgment, the company’s practices may have already changed due to the bad publicity and interim legal costs. This means that the financial consequences come too late to help the original victims, and companies have no incentive to invest in prevention until after a major incident and subsequent litigation.
Conclusion
The ADT monitoring technician camera spying case represents a significant failure in corporate responsibility. A company entrusted with the security and privacy of thousands of homes failed to implement basic safeguards, allowing a single employee to invade the privacy of more than 220 customers over 4.5 years. While individual settlements have been offered ranging from $2,500 to $50,000, and class action lawsuits remain ongoing, the broader consequences for affected customers extend beyond money—they include a violation of their reasonable expectation of privacy in their own homes and a loss of trust in the company they hired to protect their safety.
If you were an ADT customer in the Dallas-Fort Worth area during the relevant period, investigate whether you were affected and consider your options for joining the class action litigation or negotiating a settlement. Document your service records, contact ADT for confirmation of any unauthorized account access, and reach out to legal counsel if you believe you have a claim. The litigation may take additional years to resolve, but pursuing compensation is important both for your own recovery and to signal to the industry that privacy failures have serious financial and legal consequences.