What Happened
On March 20, 2026, the ransomware group ShinyHunters claimed responsibility for compromising Berkadia Commercial Mortgage LLC (berkadia.com), a U.S.-based commercial real estate finance company, announcing the breach via an extortion note on dark web forums. The attackers stated they had exfiltrated over 5 million Salesforce records containing personally identifiable information (PII) such as names, Social Security numbers, addresses, phone numbers, and payment details, along with other sensitive internal corporate data, issuing a final warning for Berkadia to contact them by March 22, 2026, to prevent public leakage and further disruptions. The incident, estimated to have occurred around March 19, prompted class action lawsuits alleging inadequate data security and heightened risks of identity theft and phishing for affected customers.
