Cushman & Wakefield Hits Vishing Breach After ShinyHunters Claim

Cushman & Wakefield said a ShinyHunters-linked data security incident was limited in scope and came from vishing, after separate claims from ShinyHunters and Qilin put the company in the crosshairs. The real estate giant said its systems and operations continue to run normally while it investigates what happened.

ShinyHunters Claims May 1

ShinyHunters said it attacked Cushman & Wakefield on May 1 and claimed it stole over 500,000 Salesforce records containing PII and other internal corporate data. The group set a May 6 deadline for the company to make contact before the data would be leaked, and said that contact had yet to happen.

That timeline puts the breach claim in motion before the company’s own public acknowledgment. In March, ShinyHunters began a new wave of activity after it laid claim to a supply chain attack involving Salesforce customers via Salesforce itself, and at the time said it had stolen data belonging to Salesforce and more than 100 high-profile customers.

Qilin Lists Cushman & Wakefield

Qilin listed Cushman & Wakefield on its data leak site on May 4, adding a second claim around the same company within days. Cushman & Wakefield did not address the apparent dual targeting by the two groups.

“Cushman & Wakefield recently became aware of a limited data security incident due to vishing,” a spokesperson said. “We have activated our response protocols, including taking steps to contain the unauthorized activity and engaging third-party expert advisors to support a comprehensive response.”

The company also said, “Our systems and operations continue to run normally, and we are working diligently to investigate the incident.” It added, “We recognize the trust placed in us to protect sensitive data and we take this responsibility very seriously.”

Cushman & Wakefield Response

The company said it took steps to contain unauthorized activity and brought in third-party expert advisors to support a comprehensive response. The breach was limited in scope, but the claims around internal corporate data and PII raise the stakes for any follow-up disclosures tied to the incident.

For now, the practical position for the company is simple: it says normal operations continue while it investigates. The pressure point sits with the May 1 and May 4 claims, the May 6 deadline set by ShinyHunters, and whether either group follows through on what it said it had taken.
