Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Real estate firm Cushman & Wakefield confirmed a limited data breach following a vishing attack that led to unauthorized access. Two separate cybercrime groups, ShinyHunters and Qilin, claimed responsibility for the incident, though the attacks appear unrelated. The company has activated incident response protocols and is working with third-party experts to investigate.
- ▪Cushman & Wakefield confirmed a limited data security incident resulting from a vishing attack.
- ▪Two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for the breach.
- ▪ShinyHunters claimed to have stolen over 500,000 Salesforce records containing personally identifiable information (PII).
- ▪Qilin listed Cushman & Wakefield on its data leak site on May 4, 2026, without detailing the method of attack.
- ▪The company stated its systems and operations remain functional during the investigation.
Opening excerpt (first ~120 words) tap to expand
Cyber-crime Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats Connor Jones Tue 5 May 2026 // 13:34 UTC Real estate giant Cushman & Wakefield has confirmed a data breach after two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for attacks on the company. A spokesperson told The Register the attack was "limited" in scope and stemmed from vishing (voice phishing), suggesting an employee was socially engineered. The representative said: "Cushman & Wakefield recently became aware of a limited data security incident due to vishing.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Register.
Discussion
0 commentsMore from The Register
