
Cushman & Wakefield Confirms Data Breach from Vishing Attack, ShinyHunters and Qilin Claim Responsibility
Real estate services firm Cushman & Wakefield confirmed a data breach on May 12, 2026, which was tied to a vishing (voice phishing) attack. Cybercrime groups ShinyHunters and Qilin both claimed responsibility for compromising the company. A spokesperson stated that the company activated incident response procedures, contained unauthorized activity, and engaged third-party cybersecurity experts to investigate the breach. The firm did not comment on why two separate threat groups appeared to target the organization simultaneously.
Cushmanwakefield
- Domain: cushmanwakefield.com
- Sector: Professional, Scientific, and Technical Services
- Signals: 1 linked
Signal context
First seen: May 12, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Cushman & Wakefield confirmed a data breach on May 12, 2026.
- The breach was linked to a vishing attack.
- ShinyHunters and Qilin (Keelin) ransomware groups both claimed responsibility.
Signal analysis
Beta: This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Professional, Scientific, and Technical Services
Likely country: Location not provided
Watch phishing, executive impersonation and account-takeover exposure.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 4 signals in the same sector
- 93 signals with the same likely impact area
- 1 signal linked to this organization/domain
Related signals
Grouped by why the signal is relevant.
Xsolis Data Breach Affects 1.4 Million Individuals
Healthcare technology company Xsolis disclosed a data breach impacting nearly 1.4 million individuals. The breach, stemming from a phishing attack in January 2026, exposed personal and protected health information including names, dates of birth, addresses, Social Security numbers, health insurance information, and medical treatment details.
Paywall Bypass Vulnerability
Tweakers.net has identified a vulnerability that allows for the bypass of its paywall. This issue is listed as a 'Known issue' within their bug bounty program, indicating that the company is aware of the flaw and is seeking ethical hackers to report findings related to it. A successful bypass could allow unauthorized access to premium content.
Recorded Future Data Compromised via Klue Supply Chain Attack
Cybersecurity firm Recorded Future was impacted by the Klue supply chain attack, which began on June 11, 2026. While investigations are ongoing, it is believed that data was copied from their Salesforce instance.
Data Breach Hits Over 100 Dutch Hotels via Shared Booking Software
Hospecs, a Dutch hospitality services firm, confirmed a data breach affecting at least 100 Dutch hotels, with reports also coming from Belgium and Ireland. The breach exposed guests' contact details and reservation information, which criminals are using for phishing attacks.
First Advantage Corporation Data Breach Exposes SSNs and Driver's Licenses
First Advantage Corporation, a global background screening company, experienced a cybersecurity incident in November 2025. An unauthorized actor gained access to a single employee's email inbox within its Drug & Occupational Health Screening Unit through a sophisticated phishing attack. The attacker downloaded the contents of the inbox, potentially exposing sensitive personal information for 4,669 individuals. This data included names, Social Security numbers, driver's license numbers, email addresses, and passwords to Profile Advantage accounts. First Advantage began notifying affected individuals on or about May 29, 2026.
Docketwise Data Breach Impacts 143,000 Individuals
Docketwise, an immigration software provider, disclosed a data breach that exposed sensitive personal and immigration-related information belonging to approximately 143,000 individuals. The breach occurred around October 2025 when a threat actor cloned third-party partner repositories using valid credentials. The compromised data included names, addresses, dates of birth, Social Security numbers, driver's license numbers, passport and government ID numbers, financial account numbers and credentials, payment card numbers, tax identification numbers, health insurance policy numbers, medical condition or treatment information, and username and access information for non-financial accounts. This incident increases the risk of identity theft, targeted phishing, legal fraud, and misuse of confidential client records.
