The US-based real estate company with locations in Sydney, Brisbane, Adelaide, Canberra, Perth, Melbourne and more, confirmed that it had suffered a “limited” voice phishing (vishing) attack where it appears a staffer suffered from social engineering, as originally reported by The Register.
"Cushman & Wakefield recently became aware of a limited data security incident due to vishing. We have activated our response protocols, including taking steps to contain the unauthorized activity and engaging third-party expert advisors to support a comprehensive response,” a representative said.
"Our systems and operations continue to run normally, and we are working diligently to investigate the incident. We recognize the trust placed in us to protect sensitive data and we take this responsibility very seriously."
Cyber Daily has reached out to Cushman & Wakefield for more information.
The fight for attribution - Qilin or ShinyHunters?
The incident was first claimed by the infamous ShinyHunters threat group on May 1. In the listing, the group says it had stolen 500k Salesforce records, which included internal corporate data and personally identifiable information (PII).
“This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline,” the group said.
However, just 3 days later on May 4, prolific ransomware group Qilin also claimed responsibility for the incident.
Qilin is the top ransomware group by victim count for 2026, and one of the largest of all time, with a total of 1,784 victims since it first appeared in October 2022.
The group listed Cushman & Wakefield on its dark web leak site on May 4, but did not provide any context or a sample of the incident.
It is currently unclear which, if either group, is responsible for the incident.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
