Back to Blog
high severity June 12, 2026 · scope unconfirmed

American Tower Corporation Listed by shinyhunters Ransomware Group

Over 5.2 million records consiting of a significant amount of customer and landowner PII, other records tied to other companies such as T-Mobile, Verizon, and the US DHS, several tower asset records containing GPS data and plaintext physical access/gate codes for cell tower compunds across the United States, thousands of internal corporate data, and a lot more were compromised. We urge you to reach out. This is a final warning to reach out by 15 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. |

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 12, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 12, 2026, the shinyhunters ransomware group listed American Tower Corporation on its leak site, claiming to have exfiltrated more than 5.2 million records containing customer and landowner personally identifiable information.

Confirmed Details of the Breach

Public reporting indicates the attackers obtained internal files that include records tied to other companies such as T-Mobile, Verizon, and the US Department of Homeland Security. The data set also contains thousands of tower asset records with GPS coordinates and plaintext physical access and gate codes for cell tower compounds across the United States.

Additional material includes a significant volume of customer and landowner PII along with other internal corporate documents. The group set a deadline of 15 June 2026 for American Tower to contact them, warning of further leaks and “annoying digital problems” if the company does not respond.

Why This Matters for You and Your Family

If your personal information was provided to American Tower as a customer, landowner, or through any linked service, it may now sit in a ransomware leak repository. Names, addresses, phone numbers, and other PII can be used to open accounts in your name, file fraudulent tax returns, or target you with convincing phishing messages.

Even if you never directly interacted with American Tower, the breach includes data tied to major wireless carriers and government partners. A single exposed phone number or address can serve as the starting point for attackers to locate you and your family members online.

The Doxxing and Identity-Chain Implications

Plaintext gate codes and GPS locations turn a data breach into a physical security threat. Anyone with the leaked files can locate specific cell tower compounds and potentially gain entry. More concerning for individuals is how this information chains together: an email or phone number from the American Tower dump can be correlated with gaming accounts, social-media handles, and family-member profiles.

Once attackers map these connections, they can move from digital harassment to doxxing, SIM-swapping, or using your credentials to seize control of accounts belonging to you or your children. Credential leaks like this one frequently cascade into account takeovers precisely because people reuse passwords across services.

Shinyhunters’ Publicly Known Track Record

Public reporting attributes the shinyhunters group with emerging in 2020 and repeatedly targeting organizations that hold large volumes of personal data. Notable prior victims have included online education platforms, genealogy services, and other telecommunications-related entities. Their typical playbook involves initial access through phishing or stolen credentials, followed by exfiltration of customer databases, then extortion demands backed by the threat of public leaks on dedicated sites.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what chains back to the American Tower exposure.
  • Rotate any password you used at American Tower or any of the mentioned partner organizations, then enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught within hours instead of months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same address or parent email.
  • Let remediation specialists handle takedown requests across data brokers and leak sites while you focus on securing your own accounts.

The incident shows how quickly corporate breaches become personal ones when physical access details and customer records are combined. Taking deliberate steps now limits how far attackers can travel down the identity chain that leads to you and your family. DoxxScan by GalaxyWarden provides continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.