Pitney Bowes confirms cyber intrusion as ShinyHunters claims breach of millions of records

Pitney Bowes, a U.S.-based logistics technology firm that develops shipping software and mailing systems, has confirmed unauthorized access to customer records following a cyber intrusion tied to a phishing attack, as a cybercrime group claims to have exposed millions of records linked to the company.

The company identified the breach on April 9, 2026, determining that an attacker gained access to its Salesforce customer relationship management environment after compromising an employee email account the previous night. Pitney Bowes stated that it secured the affected systems immediately, revoked unauthorized access, and engaged cybersecurity experts and law enforcement to investigate the incident.

The exposed data is believed to relate to business customer accounts and contacts. Pitney Bowes said its investigation found no evidence that the intrusion extended beyond the affected environment and no indication that sensitive personal data was accessed. Affected business customers have been notified directly.

At the same time, a large dataset linked to the breach has surfaced, containing approximately 8.2 million unique email addresses along with names, phone numbers, and physical addresses. A smaller portion of the data includes employment-related details such as job titles.

The cybercrime group ShinyHunters has claimed responsibility for the breach as part of an ongoing campaign targeting major organizations with data theft and extortion threats. The group has been associated with a series of recent intrusions across multiple industries, including gaming, security, education, travel, and sports organizations. Entities impacted in recent weeks include Rockstar Games, ADT, Udemy, Carnival Cruises, and the Asian Football Confederation. Earlier incidents have also involved Match Group and Dutch telecommunications provider Odido.

ShinyHunters has previously stated it accessed data from hundreds of companies through a broader compromise involving Salesforce systems. The group has also been linked to earlier coordinated cyber campaigns affecting numerous enterprise platforms and customers.

Pitney Bowes, which serves more than 600,000 clients globally and reported $1.9 billion in revenue in 2025, stated it is continuing to investigate claims regarding potential data exposure. The company has implemented additional access controls, expanded monitoring, and initiated targeted employee training as part of its response.