The Cushman & Wakefield data breach exposed 310,431 records including Email addresses, Job titles, Names, Phone numbers, Physical addresses, Salutations. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers.
- Breach date
- 2026-05-05
- Records affected
- 310,431
- Verified
- Yes
- Domain
- cushmanwakefield.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Job titles
- Names
- Phone numbers
- Physical addresses
- Salutations
What You Should Do
If you had an account with Cushman & Wakefield, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Cushman & Wakefield breach?
What should I do if my data was exposed in the Cushman & Wakefield breach?
When did the Cushman & Wakefield data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help