Marcus & Millichap
What was exposed
Email addressesEmployersJob titlesNamesPhone numbersPhysical addresses
What to do if you were affected
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Watch for text-message phishing and SIM-swap attempts on your phone number.
- Be wary of targeted scams that use your personal details to sound convincing.
Details
In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group . Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M unique email addresses, along with names, phone numbers and employment-related information including employer, job title and physical company address. In their disclosure notice , Marcus & Millichap advised that data which may have been accessed appeared limited to "company forms, templates, marketing materials, and general contact information".
Frequently asked questions
What is the Marcus & Millichap data breach?
In April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group . Data alleged to have been obtained from the company was subsequently released publicly...
When did the data breach happen?
This data breach occurred around April 2026.
How many accounts were affected?
Around 1,837,078 accounts were affected.
What information was exposed?
Exposed data included Email addresses, Employers, Job titles, Names, Phone numbers and Physical addresses.
What should I do if I was affected?
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.
Related breaches