What happened in the American Tower data breach?

In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to employees, contractors...

What data was exposed in the American Tower breach?

The breach exposed Email Addresses, Names, Phone Numbers affecting 216,601 accounts.

Am I affected by the American Tower breach?

If you have an account with American Tower, your data may be compromised. Check Have I Been Pwned (haveibeenpwned.com) to verify, and change your passwords immediately.

What should I do if I'm affected by the American Tower breach?

Change your American Tower password immediately. Enable two-factor authentication. Monitor your accounts for suspicious activity. If financial data was exposed, contact your bank and consider a credit freeze.

American Tower Breach: 216K Emails & Phone Numbers Exposed (2026)

Overview

American Tower, a global telecommunications infrastructure company operating over 225,000 cell towers, was hit by a “pay or leak” extortion campaign in June 2026. The threat group ShinyHunters claims to have exfiltrated a database containing 216,601 unique email addresses, along with associated names, physical addresses, and phone numbers. The data, which includes records of employees, contractors, customers, and business leads, was published on a dark web leak site after American Tower reportedly refused to pay the ransom.

What Was Exposed

The stolen database includes personal identifiable information (PII) that, while not including financial accounts or Social Security numbers, creates serious risks for the affected individuals:

Email addresses: All 216,601 records include email addresses, making this a credential-level exposure.
Names: Full names tied to each email, enabling targeted phishing and social engineering.
Physical addresses: Home or business addresses, increasing the risk of physical mail fraud and doxxing.
Phone numbers: Mobile and landline numbers, opening the door for SMS-based scams (smishing) and vishing (voice phishing).

How the Breach Happened

ShinyHunters, a known extortion group that has previously targeted companies like AT&T and Microsoft, claims to have breached American Tower’s internal systems and exfiltrated this customer and employee database. The group then demanded payment, threatening to publish the data publicly. When American Tower did not comply, the full dataset was released on the dark web. The exact initial access vector - whether through a compromised VDI, a phishing campaign, or an unsecured cloud instance - has not been disclosed.

Who’s Actually Affected

This breach is not limited to American Tower employees. The leaked data includes three distinct groups:

Employees and contractors of American Tower
Customers who use American Tower’s colocation or tower leasing services
Business leads - potential clients whose contact information was stored in the company’s CRM or marketing databases

If you have ever submitted a contact form on the American Tower website, received a sales inquiry from them, or worked on a telecom infrastructure project, your email address could be in this leak.

How to Check If You’re Affected

The breach has been indexed by Have I Been Pwned (HIBP). Visit haveibeenpwned.com and enter your primary email address. If your email appears, your name, phone number, and physical address may also be exposed.

If you are an American Tower employee or contractor, also check any secondary work email addresses you use. The company has not yet released a full list of affected accounts, so relying on HIBP is the fastest way to confirm.

What to Do Right Now

Enable multi-factor authentication on every account that supports it, especially email and any platforms where you use the same email address found in this breach.
Be hyper-vigilant about phishing: With names and phone numbers exposed, expect targeted scam calls, texts, and emails impersonating American Tower, telecom vendors, or your employer. Do not click links or provide information to unknown senders.
Freeze your credit: While SSNs and financial data were not confirmed exposed, physical addresses are now public. Request a credit freeze through Equifax, Experian, and TransUnion to prevent someone from opening accounts in your name with just your address.
Update passwords immediately: Any password associated with an email address in this leak should be changed, especially if reused across sites. Use a password manager to generate unique, complex passwords.

Security Insight

American Tower’s refusal to pay the ShinyHunters ransom follows best practices for not funding criminal activity, but the company failed to secure a database containing both employee and customer PII. This incident mirrors the 2024 breaches at major telecom infrastructure firms, where cloud misconfigurations and unsecured APIs were common entry points. The inclusion of business leads in the leaked data suggests broad data collection practices that lack proper access controls - a lesson for any company operating B2B sales CRM systems.

American Tower Breach: 216K Emails & Phone Numbers Exposed (2026)

Overview

What Was Exposed

How the Breach Happened

Who’s Actually Affected

How to Check If You’re Affected

What to Do Right Now

Security Insight

Further Reading

Investigate Breaches Safely with NordVPN

Never miss a data breach report

Related Breach Reports

Overview

What Was Exposed

How the Breach Happened

Who’s Actually Affected

How to Check If You’re Affected

What to Do Right Now

Security Insight

Further Reading

Investigate Breaches Safely with NordVPN

Never miss a data breach report

Related Breach Reports

Never Miss a Critical Alert