Pitney Bowes has confirmed a cybersecurity incident involving unauthorized access to customer data stored within its Salesforce environment, following claims by the ShinyHunters extortion group that it had stolen more than 25 million records. While the company acknowledged the breach, it disputed assertions that sensitive personal data was exposed.
The US-based technology firm, known for its shipping, mailing, and financial services solutions, stated that the incident was detected on April 9. According to a company spokesperson, the breach originated from a phishing attack that compromised an employee’s email account, enabling unauthorized access to certain records within its Salesforce customer relationship management system.
Pitney Bowes emphasized that it acted swiftly to contain the incident by revoking compromised access and securing affected systems. The company also confirmed that it engaged cybersecurity experts and law enforcement authorities to support its ongoing investigation. It noted that the exposed information was primarily related to business customer accounts and contact records, adding that there is no evidence suggesting the intrusion extended beyond the Salesforce environment or that sensitive personal data was accessed.
The ShinyHunters group, which has been linked to multiple high-profile data breaches targeting cloud platforms and SaaS environments, claimed responsibility for the attack. The group alleged it had exfiltrated a substantial dataset containing personally identifiable information and listed Pitney Bowes on its extortion portal. After reportedly failing to secure a ransom payment, the group released the data publicly, making it freely accessible.
Responding to these claims, Pitney Bowes stated that it is actively investigating the alleged data exposure in coordination with cybersecurity experts and law enforcement agencies. The company also confirmed that affected business customers have been notified directly and that it continues to monitor the situation for any further evidence of compromised data.
Following the data leak, the breach was added to the Have I Been Pwned (HIBP) platform, which confirmed that the dataset includes approximately 8.2 million unique email addresses. Notably, around half of these email addresses had not been previously recorded in earlier breaches, indicating a significant volume of newly exposed data.
The incident highlights the growing risks associated with phishing attacks and compromised credentials, particularly within cloud-based enterprise platforms. As threat actors increasingly target SaaS environments to access large volumes of customer data, organizations are under mounting pressure to strengthen identity security, enhance monitoring capabilities, and improve resilience against social engineering attacks.
Recommended Cyber Technology News :
- Florida Physician Specialists Data Breach Exposes Data
- Salesforce Data Breach Exposes Udemy, Zara & 7-Elevan Data
- Fidelity Data Breach Leads to $1.25M Settlement
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
