Calling it a "disgusting betrayal of trust," US attorneys with the Northern District of Texas announced Thursday that an ADT home security technician has pleaded guilty to repeatedly hacking into customer video feeds for the purpose of spying on women.
The breaches of customer privacy affected 220 accounts, prosecutors say. The technician, 35-year-old Telesforo Aviles, admits to viewing those accounts 9,600 times over a period of four-and-a-half years. Now he faces up to five years in federal prison on computer fraud charges.
According to the plea, Aviles admitted to violating company policy by routinely adding his email address to ADT Pulse customer accounts, granting him real-time access to those customers' video feeds. In some instances, he acted without the customer's knowledge; in others, he told the customer he needed temporary access to test the system. Once in, Aviles admitted, he'd screen the video feeds for women he found attractive, then repeatedly view those feeds for sexual gratification, including watching women undress and watching couples have sex.
"This defendant, entrusted with safeguarding customers' homes, instead intruded on their most intimate moments," said Acting US Attorney Prerak Shah. "We are glad to hold him accountable for this disgusting betrayal of trust."
ADT said it discovered the breach last April, after a customer complained about an unauthorized email on an account. Upon investigation, ADT learned that Aviles had added his email to numerous accounts throughout the Dallas area for the purpose of improperly viewing customer feeds.
At that point, the unauthorized access was revoked, Aviles was fired and referred to law enforcement, and ADT notified customers of the breach.
"We apologize to the customers affected by the actions of this former employee and deeply regret this incident," the company wrote in a statement from April.
"Our customers trust ADT with their safety and protection," the statement reads. "We understand that this incident jeopardizes that trust and is entirely unacceptable. We will make extraordinary efforts to earn back that trust."
To that end, the company says it has implemented "technical and procedural solutions" to prevent this sort of abuse from happening again, and adds that it's enlisted third-party experts to assist in a full review of the company's privacy and security practices. The company committed to supporting law enforcement with "whatever they need to help bring justice to the victims of this former employee."
"We are grateful to the Dallas FBI and the U.S. Attorney's Office for holding Telesforo Aviles responsible for a federal crime," the company said in a statement released Friday.
ADT has been sued over the case and is seeking to resolve its legal liability through arbitration courts. An ADT spokesperson says that the company has identified and contacted all of Mr. Aviles' victims.
"We're using all the resources at our disposal to help ensure their safety, provide peace of mind and attempt to address all the concerns they may have," the company posted.