American Tower, which describes itself as a global REIT and a leading owner, operator and developer of multitenant communications real estate, is tied to a June 2026 leak indexed by leaksear.ch at 212,642 records, roughly 213,000 rows (americantower.gcs-web.com, leaksear.ch metadata). The breach date is listed as June 12, 2026, and the indexed data includes names, email addresses, phone numbers, physical addresses, and job titles, while leaksear.ch also indexes usernames and IP addresses as searchable pivots (leaksear.ch metadata, monitor.mozilla.org).
What happened
Have I Been Pwned reports that American Tower was targeted in a June 2026 ShinyHunters pay-or-leak campaign and that the group subsequently published data allegedly taken from the company containing more than 200,000 unique email addresses. HIBP describes the affected addresses as belonging to employees, contractors, customers, and leads, while Mozilla Monitor lists June 12, 2026 as the breach date and June 26, 2026 as the database addition date (haveibeenpwned.com, monitor.mozilla.org).
The public sources reviewed here do not confirm the initial access path. Hackmanac separately posted a larger ShinyHunters claim of more than 5.2 million records and additional operational and internal corporate data categories, but marked the status as pending verification, so those broader claims are not treated here as confirmed exposure (linkedin.com).
What data was exposed
Leaksear.ch indexing metadata lists 212,642 records. Searchable pivots are address, country, email, IP address, name, phone, and username (leaksear.ch metadata). Stored but not directly searchable context fields include job title, company and department data, employee number, manager, account status, login timestamps, MFA-enabled status, device and asset identifiers, vendor numbers, case metadata, and site location fields such as city, state, and ZIP code (leaksear.ch metadata).
Public breach listings by HIBP and Mozilla also identify email addresses, names, phone numbers, physical addresses, and job titles as compromised. HIBP states the email addresses belonged to employees, contractors, customers, and leads (haveibeenpwned.com, monitor.mozilla.org).
Why this matters
For affected individuals, the combination of contact details, roles, and organizational context can make phishing, callback scams, and impersonation more convincing. For security teams, fields such as usernames, IP addresses, account status, last-login timestamps, and MFA status are useful for exposure review and for prioritizing monitoring, but they also increase the value of the data to social engineers (leaksear.ch metadata). Public breach pages reviewed here do not list passwords as exposed, but contact and workplace data is still enough to support targeted fraud and account-recovery attempts (haveibeenpwned.com, monitor.mozilla.org). If you may have worked with or contacted American Tower, use the exposure check on this page to see whether your identifiers appear in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, email, ip address, name, phone, and username.