A threat actor has allegedly breached and put up for sale the corporate database of Unibail-Rodamco-Westfield (URW), a global leader in commercial real estate. URW is a Paris-based company that owns, develops, and operates a vast portfolio of premier shopping centers, office buildings, and convention centers across Europe and the United States, including 39 locations under the iconic Westfield brand. The company’s significant footprint in the international property market makes any potential data breach a serious concern for its employees, clients, and partners.
The claim was made on a hacking forum, where a user announced the sale of the URW corporate database for €1,500. According to the post, the database is available in both .sql and mysql formats and contains sensitive information. The threat actor also claimed that a specific company portal, the US tenant coordination website, was down as a result of the incident. This portal is critical for managing the operational relationship between the real estate giant and its numerous retail tenants in the US.
The compromised data allegedly includes a significant amount of information belonging to both company personnel and clients. The threat actor specified the contents of the database as including:
- 70,000 records of employees and clients
- 60,000 IP addresses