Cushman & Wakefield, a global real estate services firm, has confirmed a data breach following claims by two cybercrime groups, ShinyHunters and Qilin, that they had attacked the company. The breach, described as a vishing (voice phishing) attack, was disclosed in a statement to The Register on May 5, 2026.
A company spokesperson told The Register that the attack was 'limited' in scope and involved unauthorized access to certain systems. The spokesperson did not specify the number of affected individuals or the exact data compromised, but stated that the company is investigating the incident and has notified relevant authorities.
ShinyHunters and Qilin are known cybercriminal groups that have previously claimed responsibility for breaches at other organizations. The groups have not yet released any stolen data publicly, according to reports.
Cushman & Wakefield advised customers and employees to remain vigilant against phishing attempts and to monitor their accounts for suspicious activity. The company said it is working with cybersecurity experts to enhance its defenses.
