Ethical Hacking News
Cushman & Wakefield has confirmed a limited data security incident due to vishing, with ShinyHunters and Qilin both claiming responsibility for the attack. The breach resulted in the theft of sensitive corporate data, including personal identifiable information and internal company records. As the cybersecurity landscape continues to evolve, it is essential that companies like Cushman & Wakefield remain proactive in their efforts to protect sensitive data and prevent similar incidents from occurring.
Cushman & Wakefield has confirmed a limited data security incident due to vishing resulting in stolen corporate data. The attack was carried out by cybercrime group ShinyHunters, which has been involved in multiple high-profile cyberattacks recently. Qilin ransomware group also claimed responsibility for the attack, operating independently from ShinyHunters. The incident highlights the ongoing threat landscape and the need for companies to remain vigilant and proactive in protecting sensitive data. Cushman & Wakefield's response underscores its commitment to transparency and communication with stakeholders.
In a recent turn of events, Cushman & Wakefield, a prominent real estate giant, has confirmed a limited data security incident due to vishing, a form of voice phishing. The attack, which was reportedly carried out by the cybercrime group ShinyHunters, resulted in the theft of sensitive corporate data, including personal identifiable information (PII) and internal company records.
According to sources close to the matter, Cushman & Wakefield activated its incident response protocols following the breach, engaging third-party expert advisors to support a comprehensive response. The company has expressed its commitment to protecting sensitive data and taking responsibility for the security of its systems and operations.
Notably, the attack was not an isolated incident, as ShinyHunters has been on a recent tear, having laid claim to multiple high-profile cyberattacks in recent months. These breaches include those of Salesforce customers, ADT, Carnival Cruise Line, Rockstar Games, Vimeo, and others. ShinyHunters' pay-or-leak model has made it a formidable player in the cybercrime landscape, with its latest wave of activity beginning in March.
Meanwhile, Qilin, widely regarded as the world's most prolific ransomware group, also claimed responsibility for the attack on Cushman & Wakefield. Although the exact details of how Qilin allegedly carried out the breach are not yet publicly known, it is clear that the two cybercrime groups operate independently, with no previously established coalition between them.
The incident highlights the ongoing threat landscape in the cybersecurity world, where sophisticated attacks and complex breaches continue to evolve and adapt. As companies like Cushman & Wakefield navigate this challenging environment, they must remain vigilant and proactive in their efforts to protect sensitive data and prevent similar incidents from occurring in the future.
In a message sent to The Register, ShinyHunters claimed that it had stolen over 500,000 Salesforce records containing PII and other internal corporate data. This has sparked concerns about the potential consequences of such breaches, particularly for companies handling large amounts of sensitive information.
Cushman & Wakefield's response to the incident underscores its commitment to transparency and communication with stakeholders, including employees, customers, and the wider public. As the company works to contain the unauthorized activity and engage in a comprehensive response, it is essential that it maintains open channels of communication to ensure trust and confidence are maintained.
The incident also raises questions about the capabilities and motivations of cybercrime groups like ShinyHunters and Qilin. What drives these groups to carry out such complex and sophisticated attacks? And how can companies like Cushman & Wakefield best prepare for and respond to such incidents in the future?
In the wake of this incident, it is clear that cybersecurity remains a top priority for organizations worldwide. As the threat landscape continues to evolve, companies must remain proactive and vigilant in their efforts to protect sensitive data and prevent similar incidents from occurring.
The case of Cushman & Wakefield serves as a reminder of the importance of incident response planning, employee education, and robust security measures in preventing and responding to cyberattacks. By taking proactive steps to mitigate these risks, companies can reduce the likelihood of such breaches and minimize the potential consequences.
As the cybersecurity landscape continues to shift and adapt, it is essential that companies like Cushman & Wakefield remain at the forefront of incident response planning and execution. By doing so, they can protect their sensitive data, maintain trust with stakeholders, and stay ahead of the evolving threat landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/Cushman--Wakefield-Confirms-Vishing-Cyberattack-Amidst-Dual-Allegations-from-ShinyHunters-and-Qilin-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/05/05/cushman_wakefield/
https://www.theregister.com/2026/05/05/cushman_wakefield/
https://imtr.net/article/real-estate-giant-confirms-vishing-incident-as-shinyhunters-and-qilin-both-come-c755
https://en.wikipedia.org/wiki/ShinyHunters
https://www.independent.co.uk/tech/google-data-breach-shinyhunters-cyber-attack-b2821097.html
https://en.wikipedia.org/wiki/Qilin_(cybercrime_group)
https://dailysecurityreview.com/resources/threat-actors-resources/qilin-agenda-ransomware-the-credential-stealers/
Published: Tue May 5 10:39:59 2026 by llama3.2 3B Q4_K_M
