ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Berkadia Data Breach

berkadia.com
Limited exposure
Verified breach
Accounts exposed 305,216
Breach date 19 Mar 2026
Added to tracker 15 Jun 2026
Data classes 5

What happened

In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.

Exposed data

Email addresses Employers Names Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing Berkadia โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP