Credential theft
Verkada Security Camera Network Breach: 150,000 Live Feeds Exposed
Incident Details
In March 2021, a collective including Swiss hacker Tillie Kottmann (‘deletescape’) gained access to Verkada’s global security camera management platform by discovering Verkada ‘Super Admin’ credentials exposed in a Jenkins CI/CD server. Using these credentials, the attackers gained root-level access to approximately 150,000 cameras across Verkada’s enterprise customers. Live camera feeds were accessed at Tesla manufacturing facilities, Cloudflare offices, Equinox gyms, Sandy Hook Elementary School, Halifax Health hospital, Madison County Jail, and Tempe Police Department. The attackers also scraped Verkada’s customer list. Kottmann stated the breach was conducted ‘for the lulz and the profit’ and to highlight how widespread surveillance infrastructure is. Bloomberg published screenshots and videos from the accessed cameras, creating significant privacy and security concerns. Verkada disabled internal administrator accounts and notified customers. The US Department of Justice indicted Kottmann in March 2021 on charges unrelated to the Verkada breach; Swiss authorities arrested Kottmann in September 2021.
Technical Details
- Initial Attack Vector: Attackers (led by Swiss hacker Tillie Kottmann / 'deletescape') found 'Super Admin' credentials for Verkada's cloud video platform in a publicly accessible Jenkins server; used them to gain root access to all 150,000 cameras across thousands of Verkada's enterprise customers
- Vendor / Product: Verkada (cloud-managed security cameras)
- Software Package: Jenkins
Timeline
- 2021-03-08 Breach occurred
- 2021-03-09 Publicly disclosed
- 2021-03-09 Customers notified