Cushman & Wakefield Suffers ShinyHunters Data Extortion, 310K Accounts Breached

/MEDIUM
Written by SCW Research Research & Analysis
SCW data-breachthreat-intel
Cushman & Wakefield Suffers ShinyHunters Data Extortion, 310K Accounts Breached

In May 2026, the real estate services firm Cushman & Wakefield was targeted by the ShinyHunters group in a β€œpay or leak” extortion campaign. Following the firm’s non-compliance, ShinyHunters publicly released data they claimed was exfiltrated from Cushman & Wakefield, affecting over 310,000 accounts.

Have I Been Pwned reports that the exposed data primarily consisted of Cushman & Wakefield email addresses, alongside tens of thousands of external email addresses and corporate contact records. The breach exposed critical business information, including names, job titles, company addresses, and phone numbers.

This incident underscores the persistent threat of extortion groups leveraging stolen data for financial gain. The exposure of corporate contact information creates a significant risk for targeted phishing and social engineering attacks against both Cushman & Wakefield employees and their external contacts.

What This Means For You

  • If your organization's employees or third-party contacts were exposed in the Cushman & Wakefield breach, assume their corporate contact details are now in the hands of threat actors. Mandate vigilance against highly targeted phishing attempts. Review your security awareness training with an emphasis on social engineering tactics that leverage publicly available business contact information.

πŸ›‘οΈ Detection Rules

3 rules Β· 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free β€” export to any SIEM format via the Intel Bot.

critical T1560.001 Exfiltration

ShinyHunters Data Extortion - Public Data Leak

Sigma YAML β€” free preview

Source: Shimi's Cyber World Β· License & reuse

βœ“ Sigma Β· Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM β†’

Written by SCW Research

Take action on this incident
πŸ“‘ Monitor cushmanwakefield.com Free Β· 1 watchlist slot Β· instant alerts on new breaches πŸ” Threat intel on Cushman & Wakefield All breaches, IOCs & vendor exposure

Related coverage on Cushman & Wakefield

Instructure Reaches Ransom Agreement with ShinyHunters to Stop Canvas Leak

American educational technology firm Instructure, parent company of Canvas, has reportedly reached an "agreement" with the cybercrime group ShinyHunters following a breach. The Hacker News...

threat-intelvulnerabilityransomwaredata-breachmicrosoft
/SCW Vulnerability Desk /MEDIUM /⚑ 3 IOCs /⚙ 3 Sigma

Checkmarx Jenkins Plugin Compromised with Infostealer

Checkmarx has confirmed that a malicious version of its Jenkins Application Security Testing (AST) plugin was briefly distributed on the Jenkins Marketplace. BleepingComputer reports that...

threat-inteldata-breachmalware
/SCW Research /MEDIUM /⚙ 3 Sigma

GhostLock Tool Abuses Windows API to Block File Access

A new proof-of-concept tool, GhostLock, demonstrates a critical abuse case for legitimate Windows file APIs. BleepingComputer reports that GhostLock can effectively block access to files,...

threat-inteldata-breachmalwaremicrosofttools
/SCW Research /MEDIUM