Commercial real estate services leader Cushman & Wakefield has confirmed a cyber incident impacting its network, and two major cyber crime groups have claimed responsibility.
The US-based real estate company with locations in Sydney, Brisbane, Adelaide, Canberra, Perth, Melbourne, and more, confirmed that it had suffered a “limited” voice phishing (vishing) attack in which it appears a staffer suffered from social engineering, as originally reported by The Register.
“Cushman & Wakefield recently became aware of a limited data security incident due to vishing. We have activated our response protocols, including taking steps to contain the unauthorised activity and engaging third-party expert advisors to support a comprehensive response,” a representative said.
“Our systems and operations continue to run normally, and we are working diligently to investigate the incident. We recognise the trust placed in us to protect sensitive data, and we take this responsibility very seriously.”
Cyber Daily, REB’s sister publication, has reached out to Cushman & Wakefield for more information.
The fight for attribution – Qilin or ShinyHunters?
The incident was first claimed by the infamous ShinyHunters threat group on 1 May. In the listing, the group said it stole 500,000 Salesforce records, including internal corporate data and personally identifiable information (PII).
“This is a final warning to reach out by 6 May 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the group said.
However, just three days later, on 4 May, prolific ransomware group Qilin also claimed responsibility for the incident.
Qilin is the top ransomware group by victim count for 2026, and one of the largest of all time, with a total of 1,784 victims since it first appeared in October 2022.
The group listed Cushman & Wakefield on its dark web leak site on 4 May, but did not provide any context or a sample of the incident.
It is currently unclear which, if either group, is responsible for the incident.
This article was first published in REB’s sister publication Cyber Daily.
Want to see more stories from trusted news sources?Make Real Estate Business a preferred news source on Google.
