Cushman & Wakefield Data Breach Exposes 310,431 User Accounts

A major real estate firm has become the latest corporate victim of a high-stakes extortion attack.

Cushman & Wakefield, one of the world’s largest commercial real estate services companies, confirmed in May 2026 that threat actors stole and publicly leaked data belonging to over 310,000 individuals, exposing sensitive business contact records in a brazen “pay or leak” campaign.

The breach was orchestrated by ShinyHunters, a prolific cybercriminal group with a long track record of targeting large enterprises.

The attackers reportedly used a vishing (voice phishing) technique to gain initial access, tricking employees over the phone into handing over credentials or internal access.

When Cushman & Wakefield refused to pay, ShinyHunters followed through on their threat and dumped the stolen data publicly.

The leaked dataset was added to Have I Been Pwned (HIBP) on May 12, 2026, making it searchable for affected individuals.

Cushman and Wakefield Data Breach

The leaked records were largely business-oriented rather than financial, but the scope of exposure still poses a real risk.

The compromised data included:

• Full names and salutations
• Corporate email addresses (primarily internal C&W accounts plus tens of thousands of external contacts)
• Job titles and company names
• Business phone numbers
• Physical office and corporate addresses

While no passwords, financial records, or government IDs appear to have been included, the combination of professional contact data makes victims highly vulnerable to targeted spear-phishing, business email compromise (BEC), and social engineering attacks.

Threat actors routinely use this type of “corporate dossier” data to craft convincing fraudulent communications.

If you work with or for Cushman & Wakefield or have had professional dealings with the firm, take these steps immediately:

• Check your exposure at haveibeenpwned.com using your corporate and personal email addresses
• Be highly skeptical of unsolicited calls and emails claiming to be from Cushman & Wakefield or associated vendors
• Watch for spear-phishing attempts; attackers now have enough context to impersonate colleagues, clients, or partners convincingly
• Report suspicious contact to your IT or security team, especially any unexpected requests involving credentials, payments, or sensitive information
• Enable multi-factor authentication (MFA) on all business accounts if not already active

The ShinyHunters group is no stranger to high-profile breaches. The gang has previously been linked to attacks on Ticketmaster, AT&T, and Santander Bank, among others.

Their consistent use of vishing to bypass technical defenses highlights a growing trend: even organizations with strong perimeter security can fall victim when attackers target the human element directly.

Cushman & Wakefield has not disclosed the full details of how the intrusion occurred beyond confirming a vishing-based cyberattack.

Security teams across the real estate and financial services sectors should treat this incident as a reminder to reinforce employee awareness training, especially around phone-based social engineering.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google

The post Cushman & Wakefield Data Breach Exposes 310,431 User Accounts appeared first on Cyber Security News.