Cushman & Wakefield Inc.
Over 500k Salesforce records containing PII and other internal corporate data have been compromised. This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 3 May 2026 | Warning: FINAL WARNING
Incident Details
- Threat Group
- shinyhunters
- Victim / Organization
- Cushman & Wakefield Inc.
- Website / Domain
- cushmanwakefield.com
- Industry Sector
- Business Services
- Country / Region
- 🇺🇸 US
- Date Discovered
- Saturday, May 2, 2026
What This Listing Means
Posting on shinyhunters's ransomware leak site typically signals that the threat actor claims to have:
- ▸Gained unauthorized access to the organization's network via phishing, exposed credentials, or an unpatched vulnerability
- ▸Exfiltrated sensitive data — potentially including financial records, PII, customer data, or trade secrets
- ▸Deployed ransomware to encrypt systems and disrupt operations
- ▸Issued a ransom demand with a deadline to publish all stolen data publicly if unpaid
🇺🇸 US-based organizations hit by ransomware may have mandatory breach notification obligations under state laws, HIPAA (healthcare), SEC regulations (public companies), or CISA guidelines. The notification window is typically 72 hours from discovery.
Open Source Investigation
Is This Your Organization?
Security Arsenal provides 24/7 ransomware incident response. We contain active attacks, support ransom negotiation decisions, perform forensic analysis, and recover your data.
Get Emergency ResponseIR Services OverviewProtect Your Organization
- AlertMonitor
Dark web & ransomware monitoring for your domains
- Managed SOC & MDR
24/7 threat detection and response
- Penetration Testing
Find ransomware entry points before attackers do
Other shinyhunters Victims
- ▸Instructure Holdings, Inc. (Canva LMS, instructure.com)US
- ▸TOWERPOINT WEALTH, LLCUS
- ▸Follett Software LLCUS