American Tower Data Breach: 215,000+ Accounts Exposed in ShinyHunters Attack

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • Breach Confirmed: ShinyHunters targeted American Tower in a June 2026 "pay or leak" extortion campaign.
  • Data Exposed: The leaked dataset contained more than 215,000 unique email addresses and attached details.
  • Records Affected: Compromised information spans employees, contractors, customers, and leads.

The recent American Tower data breach exposed 216,601 accounts, which were added to breach notification service Have I Been Pwned (HIBP) on June 26, 2026. The company became the target of a ShinyHunters extortion campaign in June 2026, which ultimately led the threat group to publish data concerning employees, contractors, customers, and leads. 

Scope of the Compromised Data

The American Tower data breach leaked a combination of identifying details and contact information, according to HIBP. The full set of compromised data fields belonging to the telecom tower infrastructure company includes:

ShinyHunters claimed to have breached American Tower Corporation | Source: HackManac on X

The announcement said the dataset contained more than 5.2 million records, including customer and landowner PII, tower asset records, GPS coordinates, physical access codes, and internal corporate documents. The hacker group claimed the exfiltrated documents also concerned records tied to other companies such as T-Mobile, Verizon, and DHS.

ShinyHunters’ Breach Activity

The campaign followed ShinyHunters' established extortion model, with the threat actor ultimately publishing stolen data allegedly taken from American Tower. 

Other intrusions connected to ShinyHunters this month include Kodak, Ralph Lauren, Amazon’s One Medical Senior Health, Council of Europe, and Infinite Campus.

In April, LAPSUS$ claimed to have breached Vodafone U.K., and in February, a data breach at the telecom provider Odido, which was also linked to ShinyHunters, exposed millions of Dutch customer records.

