ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Cushman & Wakefield Data Breach

cushmanwakefield.com
Limited exposure
Verified breach
Accounts exposed 310,431
Breach date 05 May 2026
Added to tracker 12 May 2026
Data classes 6

What happened

In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.

Exposed data

Email addresses Job titles Names Phone numbers Physical addresses Salutations

Recommended actions

  • Watch for targeted phishing emails referencing Cushman & Wakefield โ€” attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk โ€” consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP