CW A.I CyberSecurity Scoring
CW
Company Information
Website:http://www.cushmanwakefield.com
Employees number:47,355
Number of followers:1,841,174
NAICS:
Industry Type:Real Estate
Homepage:cushmanwakefield.com
CW Risk Score (AI oriented)
Between 650 and 699
CWReal Estate
Updated:
05/06/2026
05/06/2026
653/1000
Weak
B
CW Global Score (TPRM)
xxxx
CWReal Estate
Score locked

CWWeak
Current Score
653B (WEAK)
01000
2 incidents
-58.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
656
JUNE 2026
655
MAY 2026
767
Cyber Attack
05 May 2026 • CW
Salesforce, Carnival Cruise Line, Cushman & Wakefield and ADT: Cushman & Wakefield confirms vishing cyberattack
Cushman & Wakefield Data Breach Following Dual Cyberattacks by ShinyHunters and Qilin
742
CRITICAL-25
CARADTSALCUS1778027258
Cushman & Wakefield Confirms Data Breach Following Dual Cyberattacks by ShinyHunters and Qilin
Real estate firm Cushman & Wakefield (C&W) has acknowledged a limited data breach after two cybercrime groups ShinyHunters and Qilin independently claimed responsibility for attacks on the company. The incident originated from a vishing (voice phishing) attack, suggesting an employee was manipulated through social engineering.
A C&W spokesperson stated that the company detected the breach, activated response protocols, and engaged third-party experts to investigate. While the company assured that systems and operations remain unaffected, it did not address the dual claims by the two threat actors.
ShinyHunters, known for its pay-or-leak extortion model, alleged it breached C&W on May 1, stealing over 500,000 Salesforce records containing PII and internal corporate data. The group set a May 6 deadline for C&W to respond before leaking the data, though no contact was reportedly made.
Meanwhile, Qilin, currently ranked as the world’s most prolific ransomware group, listed C&W on its leak site on May 4 but did not disclose attack details. The timing of the two incidents appears coincidental, as there is no known collaboration between the groups.
ShinyHunters has been particularly active in recent months, claiming responsibility for high-profile breaches, including a supply chain attack on Salesforce in March that exposed data from over 100 customers. Other victims linked to the group include ADT, Carnival Cruise Line, Rockstar Games, and Vimeo, though not all attacks were directly tied to the Salesforce compromise.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
767
Ransomware
01 May 2026 • CW
Cushman & Wakefield and Australian College of Business Intelligence: Global ransomware activity rises modestly in May as Qilin, The Gentlemen, and DragonForce lead attacks
Ransomware Attacks Surge in May 2026, Targeting Education and Business Sectors
675
CRITICAL-92
AUSCUS1780648477
Ransomware Attacks Surge in May 2026, Targeting Education and Business Sectors
Ransomware activity rose in May 2026, with researchers at Comparitech recording 661 attacks worldwide a 3% increase from April’s 640 incidents. While attack volumes remained below the 700–800 monthly range seen in early 2026, certain sectors experienced sharp spikes. Education organizations faced the steepest rise, with attacks jumping 54% month over month, while food and beverage, retail, transportation, and technology firms also saw notable increases. In contrast, attacks on healthcare providers and utility companies declined by 21% and 29%, respectively.
Key ransomware groups dominated activity in May, with Qilin, The Gentlemen, and DragonForce leading the surge. Collectively, these groups were linked to the theft of nearly 115 TB of data. The U.S. remained the most targeted country, accounting for 272 attacks a 6% increase from April. Businesses bore the brunt of the attacks, representing 581 of the 661 incidents, including 35 confirmed cases.
Of the 661 reported attacks, 48 were confirmed by affected organizations, including 35 businesses, seven government entities, one healthcare provider, and five educational institutions. The remaining 613 incidents were unconfirmed claims, primarily targeting businesses (546), followed by healthcare (37), education (15), and government (15).
Government entities saw no change in attack volume, with 22 incidents recorded in both April and May. Among confirmed cases, Qilin ransomware targeted two French municipalities Ville de Quiberon and Ville d’Eyguières though officials confirmed no ransom was paid. In Spain, the Ayuntamiento de Valdemoro also refused to pay after a Kairos ransomware attack, despite the group claiming to have stolen 1.8 TB of data.
The healthcare sector has seen a 10% increase in attacks year-to-date, even as government-targeted incidents dropped 21% compared to the first five months of 2025. Manufacturing firms were the most frequently hit among confirmed business victims, with attacks reported across the U.S., Japan, India, Germany, Taiwan, Thailand, Malaysia, and Italy.
The only confirmed healthcare attack in May targeted Central Medical Services of Westrock (CMSW) in the U.S. on May 3, with the INC ransomware group later claiming it would sell the stolen data in seven batches of 200–300 GB each. Comparitech recorded 208 healthcare attacks in the first five months of 2026, up from 189 in the same period of 2025, with 38 confirmed by victims.
Qilin remained the most active group, claiming 97 attacks a 10% decline from April but recorded the highest number of confirmed incidents (9). Notable victims included Australian firms Menzies Group Pty Ltd and Kennedy McLaughlin & Associates, as well as German transport company Schulte-Lindhorst GmbH & Co. and U.S.-based Cushman & Wakefield.
The Gentlemen ranked second, with 71 claimed attacks, four of which were confirmed, including hits on Oriental Diamond, Koa Glass, and the University of Finance and Administration. Other groups saw dramatic increases: SafePay (160%), Nova/RALord (213%), Play (325%), and Genesis (1,600%).
Among groups disclosing stolen data, DragonForce reported the largest haul over 20.8 TB across 51 attacks, though none were confirmed by victims. The U.S. led in attacks (272), followed by Canada (31), the U.K. (28), and Germany (26). Spain saw a 28% month-over-month increase, while the U.K. and Germany experienced declines of 7% and 19%, respectively.
In Australia, attack volumes remained stable, with five confirmed incidents, including breaches at Bluize, the Australian College of Business Intelligence, and VSP Security Wholesale. The U.S. also confirmed eight attacks, including a May 4 breach at West Pharmaceutical Services, which took two weeks to fully restore operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
767
MARCH 2026
767
FEBRUARY 2026
767
JANUARY 2026
767
DECEMBER 2025
767
NOVEMBER 2025
767
OCTOBER 2025
767
SEPTEMBER 2025
767
AUGUST 2025
767
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CW ??
What was CW's A.I Rankiteo Cyber Score in June 2026 ??
What was CW's A.I Rankiteo Cyber Score in May 2026 ??
What was CW's A.I Rankiteo Cyber Score in April 2026 ??
What was CW's A.I Rankiteo Cyber Score in March 2026 ??
What was CW's A.I Rankiteo Cyber Score in February 2026 ??
What was CW's A.I Rankiteo Cyber Score in January 2026 ??
What was CW's A.I Rankiteo Cyber Score in December 2025 ??
What was CW's A.I Rankiteo Cyber Score in November 2025 ??
What was CW's A.I Rankiteo Cyber Score in October 2025 ??
What was CW's A.I Rankiteo Cyber Score in September 2025 ??
What was CW's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CW's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CW ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CW's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?