Cushman & Wakefield, a global commercial real estate services firm that reported $10.3 billion in 2025 revenue and about 53,000 employees, is tied to a May 2026 ShinyHunters leak after an alleged Salesforce CRM dataset was published following a vishing incident (www.cushmanwakefield.com, cybernews.com). leaksear.ch has indexed 490,755 records from the dataset, with May 1, 2026 listed as the breach date and searchable fields including names, email addresses, phone numbers, addresses, usernames, countries, and dates of birth (leaksear.ch metadata).
What happened
Public reporting says Cushman & Wakefield confirmed a limited data security incident due to vishing, activated response protocols, took steps to contain unauthorized activity, brought in third-party experts, and said systems and operations continued normally (www.theregister.com, cybernews.com). Cushman & Wakefield did not confirm ShinyHunters' Salesforce theft claim in those reports.
The Register reported that ShinyHunters claimed it attacked the company on May 1, 2026 and stole more than 500,000 Salesforce records containing PII and internal corporate data (www.theregister.com). Cybernews later reported that ShinyHunters updated its leak site and published a roughly 50 GB archive tied to Cushman & Wakefield after ransom negotiations allegedly failed (cybernews.com).
Public reports also noted a separate Qilin listing for Cushman & Wakefield, but those reports said the Qilin post had fewer details and did not establish a connection to the ShinyHunters claim (www.theregister.com, cybernews.com).
What data was exposed
The leaksear.ch index identifies the searchable fields as address, country, date of birth, email, name, phone, and username (leaksear.ch metadata). Other stored record fields include company names, Salesforce account and user identifiers, departments, divisions, titles, phone and fax variants, mailing and other address components, locale, language and time zone settings, created, modified, last activity and last login timestamps, manager, profile and role IDs, lead source, and email preference flags (leaksear.ch metadata).
Have I Been Pwned separately lists the Cushman & Wakefield breach as affecting 310.4 thousand accounts and describes the compromised data as primarily business information, including email addresses, job titles, names, phone numbers, physical addresses, and salutations (haveibeenpwned.com). That account count is different from the 490,755 records indexed by leaksear.ch because breach services may deduplicate or scope datasets differently (leaksear.ch metadata).
Why this matters
CRM data is useful for targeted phishing because it connects people to companies, job roles, phone numbers, addresses, and business relationships. The presence of usernames, contact details, Salesforce identifiers, and communication metadata can help attackers make outreach appear legitimate, especially by phone or email (leaksear.ch metadata).
Security teams should review email and voice-phishing controls for contacts present in the dataset and watch for lures referencing Cushman & Wakefield, property services, leasing, invoices, or vendor relationships. Individuals and business contacts should treat unexpected calls, password-reset requests, invoice changes, and document-sharing links as higher risk. If you may have dealt with Cushman & Wakefield, use the exposure check below to see whether your details appear in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, name, phone, and username.
Sources
- Cushman & Wakefield: Cushman & Wakefield Reports Financial Results for the Fourth Quarter and Full Year 2025
- The Register: Cushman & Wakefield confirms vishing cyberattack
- Cybernews: Cushman & Wakefield confirms breach as Salesforce hackers ShinyHunters, Qilin stake claims
- Cybernews: ShinyHunters leaks Cushman & Wakefield Salesforce dataset after failed negotiations
- Have I Been Pwned: Cushman & Wakefield Data Breach
- GBHackers: Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts