Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Cushman & Wakefield

Cushman & Wakefield Vendor Cyber Rating & Cyber Score

cushmanwakefield.com

As a global commercial real estate services leader with 52,000 professionals worldwide, we will never settle for the world that’s been built, but relentlessly drive it forward for our clients, colleagues and communities. #BetterNeverSettles


CW A.I CyberSecurity Scoring

CW
Company Information
Website:http://www.cushmanwakefield.com
Employees number:47,355
Number of followers:1,841,174
NAICS:
Industry Type:Real Estate
Homepage:cushmanwakefield.com
CW Risk Score (AI oriented)
Between 650 and 699
logo
CWReal Estate
Updated:
05/06/2026
653/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CW Global Score (TPRM)
xxxx
logo
CWReal Estate
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CW
CWWeak
Current Score
653B (WEAK)
01000
2 incidents
-58.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
656Before Incident
JUNE 2026
655Before Incident
MAY 2026
767Before Incident
Cyber Attack
05 May 2026CW
Salesforce, Carnival Cruise Line, Cushman & Wakefield and ADT: Cushman & Wakefield confirms vishing cyberattack

Cushman & Wakefield Data Breach Following Dual Cyberattacks by ShinyHunters and Qilin

742After Incident
CRITICAL-25
CARADTSALCUS1778027258
Cushman & Wakefield Confirms Data Breach Following Dual Cyberattacks by ShinyHunters and Qilin Real estate firm Cushman & Wakefield (C&W) has acknowledged a limited data breach after two cybercrime groups ShinyHunters and Qilin independently claimed responsibility for attacks on the company. The incident originated from a vishing (voice phishing) attack, suggesting an employee was manipulated through social engineering. A C&W spokesperson stated that the company detected the breach, activated response protocols, and engaged third-party experts to investigate. While the company assured that systems and operations remain unaffected, it did not address the dual claims by the two threat actors. ShinyHunters, known for its pay-or-leak extortion model, alleged it breached C&W on May 1, stealing over 500,000 Salesforce records containing PII and internal corporate data. The group set a May 6 deadline for C&W to respond before leaking the data, though no contact was reportedly made. Meanwhile, Qilin, currently ranked as the world’s most prolific ransomware group, listed C&W on its leak site on May 4 but did not disclose attack details. The timing of the two incidents appears coincidental, as there is no known collaboration between the groups. ShinyHunters has been particularly active in recent months, claiming responsibility for high-profile breaches, including a supply chain attack on Salesforce in March that exposed data from over 100 customers. Other victims linked to the group include ADT, Carnival Cruise Line, Rockstar Games, and Vimeo, though not all attacks were directly tied to the Salesforce compromise.
INCIDENT DETAILS -
TYPE
data breachextortion
MOTIVATION
extortiondata theft
IMPACT
Data Compromised: over 500,000 Salesforce records containing PII and internal corporate dataOperational Impact: systems and operations remain unaffectedIdentity Theft Risk: PII exposed
DATA BREACH
PIIinternal corporate dataNumber Of Records Exposed: over 500,000Sensitivity Of Data: high
MAY 2026
767Before Incident
Ransomware
01 May 2026CW
Cushman & Wakefield and Australian College of Business Intelligence: Global ransomware activity rises modestly in May as Qilin, The Gentlemen, and DragonForce lead attacks

Ransomware Attacks Surge in May 2026, Targeting Education and Business Sectors

675After Incident
CRITICAL-92
AUSCUS1780648477
Ransomware Attacks Surge in May 2026, Targeting Education and Business Sectors Ransomware activity rose in May 2026, with researchers at Comparitech recording 661 attacks worldwide a 3% increase from April’s 640 incidents. While attack volumes remained below the 700–800 monthly range seen in early 2026, certain sectors experienced sharp spikes. Education organizations faced the steepest rise, with attacks jumping 54% month over month, while food and beverage, retail, transportation, and technology firms also saw notable increases. In contrast, attacks on healthcare providers and utility companies declined by 21% and 29%, respectively. Key ransomware groups dominated activity in May, with Qilin, The Gentlemen, and DragonForce leading the surge. Collectively, these groups were linked to the theft of nearly 115 TB of data. The U.S. remained the most targeted country, accounting for 272 attacks a 6% increase from April. Businesses bore the brunt of the attacks, representing 581 of the 661 incidents, including 35 confirmed cases. Of the 661 reported attacks, 48 were confirmed by affected organizations, including 35 businesses, seven government entities, one healthcare provider, and five educational institutions. The remaining 613 incidents were unconfirmed claims, primarily targeting businesses (546), followed by healthcare (37), education (15), and government (15). Government entities saw no change in attack volume, with 22 incidents recorded in both April and May. Among confirmed cases, Qilin ransomware targeted two French municipalities Ville de Quiberon and Ville d’Eyguières though officials confirmed no ransom was paid. In Spain, the Ayuntamiento de Valdemoro also refused to pay after a Kairos ransomware attack, despite the group claiming to have stolen 1.8 TB of data. The healthcare sector has seen a 10% increase in attacks year-to-date, even as government-targeted incidents dropped 21% compared to the first five months of 2025. Manufacturing firms were the most frequently hit among confirmed business victims, with attacks reported across the U.S., Japan, India, Germany, Taiwan, Thailand, Malaysia, and Italy. The only confirmed healthcare attack in May targeted Central Medical Services of Westrock (CMSW) in the U.S. on May 3, with the INC ransomware group later claiming it would sell the stolen data in seven batches of 200–300 GB each. Comparitech recorded 208 healthcare attacks in the first five months of 2026, up from 189 in the same period of 2025, with 38 confirmed by victims. Qilin remained the most active group, claiming 97 attacks a 10% decline from April but recorded the highest number of confirmed incidents (9). Notable victims included Australian firms Menzies Group Pty Ltd and Kennedy McLaughlin & Associates, as well as German transport company Schulte-Lindhorst GmbH & Co. and U.S.-based Cushman & Wakefield. The Gentlemen ranked second, with 71 claimed attacks, four of which were confirmed, including hits on Oriental Diamond, Koa Glass, and the University of Finance and Administration. Other groups saw dramatic increases: SafePay (160%), Nova/RALord (213%), Play (325%), and Genesis (1,600%). Among groups disclosing stolen data, DragonForce reported the largest haul over 20.8 TB across 51 attacks, though none were confirmed by victims. The U.S. led in attacks (272), followed by Canada (31), the U.K. (28), and Germany (26). Spain saw a 28% month-over-month increase, while the U.K. and Germany experienced declines of 7% and 19%, respectively. In Australia, attack volumes remained stable, with five confirmed incidents, including breaches at Bluize, the Australian College of Business Intelligence, and VSP Security Wholesale. The U.S. also confirmed eight attacks, including a May 4 breach at West Pharmaceutical Services, which took two weeks to fully restore operations.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainData exfiltration
IMPACT
Data Compromised: 115 TBDowntime: Two weeks (West Pharmaceutical Services)Operational Impact: Full restoration required for some victims
DATA BREACH
Personally identifiable informationCorporate dataSensitivity Of Data: High (1.8 TB claimed by Kairos, 200–300 GB batches by INC)Data Exfiltration: Yes (115 TB total)Data Encryption: Yes (ransomware strains)Personally Identifiable Information: Likely (healthcare and government targets)
APRIL 2026
767Before Incident
MARCH 2026
767Before Incident
FEBRUARY 2026
767Before Incident
JANUARY 2026
767Before Incident
DECEMBER 2025
767Before Incident
NOVEMBER 2025
767Before Incident
OCTOBER 2025
767Before Incident
SEPTEMBER 2025
767Before Incident
AUGUST 2025
767Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CW ?
?
What was CW's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CW's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CW's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CW's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CW's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CW's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CW's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CW ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CW's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?