Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
(2026/05/05)
- Reference: 1777988065
- News link: https://www.theregister.co.uk/2026/05/05/cushman_wakefield/
- Source link:
Real estate giant Cushman & Wakefield has confirmed a data breach after two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for attacks on the company.
A spokesperson told The Register the attack was "limited" in scope and stemmed from vishing (voice phishing), suggesting an employee was socially engineered.
The representative said: "Cushman & Wakefield recently became aware of a limited data security incident due to vishing. We have activated our response protocols, including taking steps to contain the unauthorized activity and engaging third-party expert advisors to support a comprehensive response.
[1]
"Our systems and operations continue to run normally, and we are working diligently to investigate the incident. We recognize the trust placed in us to protect sensitive data and we take this responsibility very seriously."
[2]
[3]
Cushman & Wakefield (C&W) did not address the apparent dual targeting by both ShinyHunters, which operates a pay-or-leak model, and Qilin, currently viewed as the world's most prolific ransomware group.
There is no previously established coalition between ShinyHunters and Qilin, which suggests the two alleged attacks are separate but coincidentally timed.
[4]
In a message sent to The Register , ShinyHunters claimed they attacked the company on May 1, while Qilin listed C&W on its data leak site on May 4.
Qilin's website listing did not detail how it allegedly attacked C&W, although ShinyHunters claimed it stole "over 500,000 Salesforce records containing PII and other internal corporate data."
[5]ShinyHunters claims dump puts 119K Vimeo emails in the wild
[6]Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
[7]Medical and utility tech companies admit digital breakins
[8]Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
ShinyHunters set a May 6 deadline for C&W to make contact to prevent the data from being leaked, but the cybercriminals claimed this had yet to happen.
ShinyHunters has been on something of a tear recently. Known for its large-scale, high-impact attacks, the group's latest wave of activity began in March when it laid claim to an expansive supply chain attack after [9]breaching Salesforce customers via the CRM giant itself.
At the time, it said it had stolen data belonging to Salesforce and more than 100 of its high-profile customers.
[10]
Since then, big-name brands like [11]ADT , [12]Carnival Cruise Line , [13]Rockstar Games , [14]Vimeo , and others have all confirmed ShinyHunters-linked cyberattacks, although not all were explicitly linked to its earlier Salesforce compromise. ®
Get our [15]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/
[6] https://www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
[7] https://www.theregister.com/2026/04/27/itron_medtronic_hacked/
[8] https://www.theregister.com/2026/04/27/home_security_giant_adt_gets/
[9] https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://www.theregister.com/2026/04/27/home_security_giant_adt_gets/
[12] https://www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
[13] https://www.theregister.com/2026/04/13/shinyhunters_rockstar_breach/
[14] https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/
[15] https://whitepapers.theregister.com/
A spokesperson told The Register the attack was "limited" in scope and stemmed from vishing (voice phishing), suggesting an employee was socially engineered.
The representative said: "Cushman & Wakefield recently became aware of a limited data security incident due to vishing. We have activated our response protocols, including taking steps to contain the unauthorized activity and engaging third-party expert advisors to support a comprehensive response.
[1]
"Our systems and operations continue to run normally, and we are working diligently to investigate the incident. We recognize the trust placed in us to protect sensitive data and we take this responsibility very seriously."
[2]
[3]
Cushman & Wakefield (C&W) did not address the apparent dual targeting by both ShinyHunters, which operates a pay-or-leak model, and Qilin, currently viewed as the world's most prolific ransomware group.
There is no previously established coalition between ShinyHunters and Qilin, which suggests the two alleged attacks are separate but coincidentally timed.
[4]
In a message sent to The Register , ShinyHunters claimed they attacked the company on May 1, while Qilin listed C&W on its data leak site on May 4.
Qilin's website listing did not detail how it allegedly attacked C&W, although ShinyHunters claimed it stole "over 500,000 Salesforce records containing PII and other internal corporate data."
[5]ShinyHunters claims dump puts 119K Vimeo emails in the wild
[6]Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
[7]Medical and utility tech companies admit digital breakins
[8]Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
ShinyHunters set a May 6 deadline for C&W to make contact to prevent the data from being leaked, but the cybercriminals claimed this had yet to happen.
ShinyHunters has been on something of a tear recently. Known for its large-scale, high-impact attacks, the group's latest wave of activity began in March when it laid claim to an expansive supply chain attack after [9]breaching Salesforce customers via the CRM giant itself.
At the time, it said it had stolen data belonging to Salesforce and more than 100 of its high-profile customers.
[10]
Since then, big-name brands like [11]ADT , [12]Carnival Cruise Line , [13]Rockstar Games , [14]Vimeo , and others have all confirmed ShinyHunters-linked cyberattacks, although not all were explicitly linked to its earlier Salesforce compromise. ®
Get our [15]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/
[6] https://www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
[7] https://www.theregister.com/2026/04/27/itron_medtronic_hacked/
[8] https://www.theregister.com/2026/04/27/home_security_giant_adt_gets/
[9] https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33afoUCJ51AeO1IngvtMaz5wAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://www.theregister.com/2026/04/27/home_security_giant_adt_gets/
[12] https://www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
[13] https://www.theregister.com/2026/04/13/shinyhunters_rockstar_breach/
[14] https://www.theregister.com/2026/05/05/shinyhunters_dump_puts_119k_vimeo/
[15] https://whitepapers.theregister.com/
Never heard of 'em! But, their website is the usual word salad of corporate guffery.
"In the elderly care sector, a critical metric for stakeholders is the time required for a care home to move through its build-up (or lease-up) phase and reach mature occupancy" - do they mean "the care home is full", or "some old people have moved in"?