Data Breach

Marcus & Millichap Data Breach April 2026 - What Was Exposed and What To Do

1,837,078 records exposed

The Marcus & Millichap data breach exposed 1,837,078 records including Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.

What Happened

In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice, Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".

Breach date
2026-04-12
Records affected
1,837,078
Verified
Yes
Domain
marcusmillichap.com

What Was Exposed

The following data types were included in the breach:

  • Email addresses
  • Employers
  • Job titles
  • Names
  • Phone numbers
  • Physical addresses

What You Should Do

If you had an account with Marcus & Millichap, take these steps immediately:

  1. Check if your account was affected at HaveIBeenPwned.com
  2. Watch for phishing emails that reference the breach or impersonate the affected company
  3. Be alert for social engineering attempts using your exposed personal information
  4. Enable two-factor authentication on the affected service if available
  5. Consider using a password manager to generate unique passwords for each service

FAQ

Was my data in the Marcus & Millichap breach?
Check HaveIBeenPwned.com to see if your email address was included in the Marcus & Millichap breach. The breach exposed 1,837,078 records containing Email addresses, Employers, Job titles, Names, Phone numbers, Physical addresses.
What should I do if my data was exposed in the Marcus & Millichap breach?
Change your password on the affected service immediately. Enable two-factor authentication. If financial data or government IDs were exposed, place a fraud alert with credit bureaus and monitor your accounts for unauthorized activity.
When did the Marcus & Millichap data breach happen?
The Marcus & Millichap breach occurred on 2026-04-12. It was added to the HaveIBeenPwned database on 2026-05-03. The breach affected 1,837,078 accounts.

Need Incident Response?

Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.

Get Incident Response Help