Back to news
Cybersecurity Alert
July 5, 2026 by EmailMeNow IT Consulting

Was Berkadia Breached? We Scanned Their Domain Security

Berkadia appears on Have I Been Pwned with 305,216 accounts after a ShinyHunters Salesforce extortion leak. Independent audit scores berkadia.com at 58% with 25% identity and 15% transport security.

Source: Have I Been Pwned

NewsData BreachShinyHuntersSalesforceReal EstateTexasCybersecurity
Commercial real estate finance company targeted by ShinyHunters Salesforce data breach

Yes — Berkadia (berkadia.com) was breached. The commercial real estate finance firm now appears on Have I Been Pwned with 305,216 accounts tied to a March 2026 incident in which ShinyHunters ran a “pay or leak” extortion campaign against the company’s Salesforce instance.

HIBP added the breach on June 15, 2026. Published data allegedly includes email addresses, names, physical addresses, and phone numbers — the kind of contact graph that makes post-breach impersonation and vendor fraud easier across commercial mortgage workflows.

We scanned berkadia.com to assess email and domain security posture relevant to this leak.

What Happened

According to Have I Been Pwned:

  • March 2026 — ShinyHunters targeted Berkadia in a pay-or-leak extortion campaign.
  • The group subsequently published data it claimed was taken from Berkadia’s Salesforce environment.
  • 305,216 unique email addresses were exposed, along with names, physical addresses, and phone numbers.
  • HIBP added the breach on June 15, 2026.

Berkadia is one of the largest commercial real estate finance companies in the U.S. — a joint venture historically linked to Berkshire Hathaway and Jefferies — serving mortgage banking, servicing, and investment sales clients nationwide.

Illustration: ShinyHunters Salesforce pay-or-leak extortion against commercial real estate finance CRM

Breach Impact at a Glance

FieldDetail
VictimBerkadia (berkadia.com)
SectorCommercial real estate finance
Threat actorShinyHunters
Source systemSalesforce (alleged)
Accounts affected305,216
Breach periodMarch 2026
Added to HIBPJune 15, 2026
Data typesEmails, names, addresses, phone numbers

Data at Risk

Exposed records may include:

  • Email addresses tied to borrowers, brokers, and internal staff
  • Full names and physical addresses
  • Phone numbers usable for SMS and voice phishing
  • CRM relationship data that maps lenders, servicers, and counterparties

For Texas real estate and mortgage professionals who interact with Berkadia, exposed contact data increases business email compromise and wire-fraud social engineering risk — especially when email identity controls on the domain are weak.

Illustration: commercial real estate contact records exposed from Salesforce CRM breach

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of berkadia.com on July 5, 2026:

DomainOverallIdentityTransportWebsiteRisk
berkadia.com58%25%15%92%Average

Key findings:

  • 58% overall (Average) — below the 100% ideal for a finance firm handling sensitive transaction correspondence.
  • 25% Identity & Spoofing — weak DMARC/SPF posture makes spoofed @berkadia.com messages harder to block after a CRM contact leak.
  • 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT reporting.
  • 92% Website Security — strong header posture on the public site, but email transport and identity gaps remain.

Audit link: berkadia.com audit

Priority Actions


Sources: HIBP — Berkadia · EmailMeNow audit — berkadia.com