A home security technician admitted Thursday that he secretly accessed the cameras of more than 200 customers, particularly attractive women, to spy on while they undressed, slept, or had sex, federal prosecutors said.
Telesforo Aviles, a 35-year-old former employee for the security company ADT, admitted he secretly accessed the customers' accounts more than 9,600 times over more than four years, according to a guilty plea submitted in court.
"This defendant, entrusted with safeguarding customers' homes, instead intruded on their most intimate moments," acting US Attorney Prerak Shah said in a statement. "We are glad to hold him accountable for this disgusting betrayal of trust."
While working for ADT, a home security company that provides alarms, cameras, and locks, Aviles took note of customer homes where attractive women lived, prosecutors said, then repeatedly gained access to their video feeds for sexual gratification.
Aviles' attorney did not immediately respond to a request for comment.
The technician violated the company's policies by surreptitiously adding his personal email address to accounts on ADT Pulse, an app that allows customers to check remotely on their homes' security cameras.
At times, Aviles claimed he needed to temporarily add himself to their accounts to test the security system, prosecutors said. In others, he simply added his email to the account without notifying customers.
The federal charges against Aviles were filed against him in October 2020, five months after multiple ADT customers filed lawsuits against the company in connection to the security breach.
ADT, which is based in Florida, is currently facing three federal lawsuits related to the incident. The breach affected 220 customers who lived in Texas.
According to the lawsuits, ADT began to notify customers about the breach back in April 2020, telling them that one of their employees had accessed customer accounts for about four and a half years.
In court records, one defendant claims Aviles was found to have accessed the home security cameras of her parent's home at least 73 times between 2017 and 2020, including her bedroom while she was still a teenager.
In the lawsuit, the woman said ADT had "failed to implement adequate procedures that would prevent non-household members from adding non-household email addresses" to the mobile app.
Another lawsuit alleges the company had "failed to monitor consumers' accounts and promptly alert them anytime a new email was added to their accounts."
The lawsuit also claims the flagrant security breach was discovered not by the company, but "by luck and happenstance."
"A customer, reporting a technical issue, inadvertently revealed the unwanted third-party access," the lawsuit claims. "But for that event, ADT would be unaware of this invasive conduct."
In a statement to BuzzFeed News, an ADT spokesperson said the company self-reported the incident in April 2020 on its website.
"After we learned of the unauthorized access, we immediately took preventative steps to ensure this can never happen again, and we personally contacted each of our 220 customers who were impacted by this incident," the statement read.
In the three lawsuits, the customers also alleged ADT tried to obtain confidentiality agreements when notifying them of the security breach. In one instance, a customer said she was offered $2,500, as well as credit for monitoring services and upgraded equipment.
When she refused, she alleged the company increased their offer to $50,000.
The spokesperson for ADT said the company apologized to the people who were affected and addressed the matter differently with each customer.
"In speaking to our customers and apologizing for what happened, it's clear that the employee's abuse of access impacted each customer differently," the spokesperson said. "Therefore, we took steps to address their concerns individually."
According to court records, ADT has moved to dismiss the suits, claiming that, per their contracts, customers are required to solve the dispute privately in arbitration.
The three civil cases are still ongoing.
ADT in a statement said the company is continuing to respond to the lawsuits and has resolved the concerns of most of the 220 impacted customers, including those who have retained attorneys to address the issue.
"We remain committed in our attempts to resolve all affected customer concerns," the statement read.
Meanwhile, Aviles could face up to five years in prison for pleading guilty to computer fraud, prosecutors said.
He has been allowed to remain out of custody until his sentencing — but in the meantime, he is prohibited from working in a job that gives him access to video security systems.