American Tower Corporation Listed by shinyhunters Ransomware Group
Over 5.2 million records consiting of a significant amount of customer and landowner PII, other records tied to other companies such as T-Mobile, Verizon, and the US DHS, several tower asset records containing GPS data and plaintext physical access/gate codes for cell tower compunds across the United States, thousands of internal corporate data, and a lot more were compromised. We urge you to reach out. This is a final warning to reach out by 15 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. |
On June 12, 2026, the shinyhunters ransomware group listed American Tower Corporation on its leak site, claiming to have exfiltrated more than 5.2 million records containing customer and landowner personally identifiable information.
Confirmed Details of the Breach
Public reporting indicates the attackers obtained internal files that include records tied to other companies such as T-Mobile, Verizon, and the US Department of Homeland Security. The data set also contains thousands of tower asset records with GPS coordinates and plaintext physical access and gate codes for cell tower compounds across the United States.
Additional material includes a significant volume of customer and landowner PII along with other internal corporate documents. The group set a deadline of 15 June 2026 for American Tower to contact them, warning of further leaks and “annoying digital problems” if the company does not respond.
Why This Matters for You and Your Family
If your personal information was provided to American Tower as a customer, landowner, or through any linked service, it may now sit in a ransomware leak repository. Names, addresses, phone numbers, and other PII can be used to open accounts in your name, file fraudulent tax returns, or target you with convincing phishing messages.
Even if you never directly interacted with American Tower, the breach includes data tied to major wireless carriers and government partners. A single exposed phone number or address can serve as the starting point for attackers to locate you and your family members online.
The Doxxing and Identity-Chain Implications
Plaintext gate codes and GPS locations turn a data breach into a physical security threat. Anyone with the leaked files can locate specific cell tower compounds and potentially gain entry. More concerning for individuals is how this information chains together: an email or phone number from the American Tower dump can be correlated with gaming accounts, social-media handles, and family-member profiles.
Once attackers map these connections, they can move from digital harassment to doxxing, SIM-swapping, or using your credentials to seize control of accounts belonging to you or your children. Credential leaks like this one frequently cascade into account takeovers precisely because people reuse passwords across services.
Shinyhunters’ Publicly Known Track Record
Public reporting attributes the shinyhunters group with emerging in 2020 and repeatedly targeting organizations that hold large volumes of personal data. Notable prior victims have included online education platforms, genealogy services, and other telecommunications-related entities. Their typical playbook involves initial access through phishing or stolen credentials, followed by exfiltration of customer databases, then extortion demands backed by the threat of public leaks on dedicated sites.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what chains back to the American Tower exposure.
- Rotate any password you used at American Tower or any of the mentioned partner organizations, then enable 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught within hours instead of months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same address or parent email.
- Let remediation specialists handle takedown requests across data brokers and leak sites while you focus on securing your own accounts.
The incident shows how quickly corporate breaches become personal ones when physical access details and customer records are combined. Taking deliberate steps now limits how far attackers can travel down the identity chain that leads to you and your family. DoxxScan by GalaxyWarden provides continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts.
Related breaches
Preneed Funeral Programs Listed by play Ransomware Group
United States…
Edge Solutions | Stone Ridge Payments Listed by akira Ransomware Group
Edge Solutions is dedicated to leveraging technology to create a better world. With a focus on inte…
Richmont Graduate University Listed by AiLock Ransomware Group
Richmont Graduate University is a Christian graduate institution offering master's programs in couns…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →