ShellCodeX Breach Report
Cushman & Wakefield Data Breach
cushmanwakefield.com
Verified breach
Accounts exposed
310,431
Breach date
05 May 2026
Added to tracker
12 May 2026
Data classes
6
What happened
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
Exposed data
Email addresses
Job titles
Names
Phone numbers
Physical addresses
Salutations
Recommended actions
- Watch for targeted phishing emails referencing Cushman & Wakefield โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP