Pitney Bowes Breached: 8.2 Million Emails Exposed by ShinyHunters

Severity: High (Score: 61.5)

Sources: haveibeenpwned.com, Theregister

Summary

Pitney Bowes, a logistics technology company, has suffered a data breach confirmed by Have I Been Pwned (HIBP) on April 27, 2026. The breach involves the exposure of 8.2 million unique email addresses, along with names, phone numbers, and physical addresses. A subset of the leaked data includes employment records with job titles. ShinyHunters, the cybercrime group responsible for this attack, has been active in a series of pay-or-leak incidents targeting various organizations, including Rockstar Games and ADT. The breach is part of a broader trend of recent attacks by ShinyHunters, which have also affected companies like Udemy and Carnival Cruises. Attempts to contact Pitney Bowes for further details have been unsuccessful, as press emails bounced back. The company serves over 600,000 clients and reported $1.9 billion in revenue in 2025. The ongoing spree of breaches raises significant concerns about the security of personal and employment data across multiple sectors. Key Points: • Pitney Bowes confirmed a breach affecting 8.2 million email addresses. • ShinyHunters is responsible for this and multiple recent pay-or-leak attacks. • Attempts to contact Pitney Bowes for comments were unsuccessful.

Key Entities

• Data Breach (attack_type)
• ADT (company)
• Asian Football Confederation (company)
• Carnival Cruises (company)
• Match Group (company)
• Odido (company)
• Drift (campaign)
• Salesloft (tool)
• Udemy (platform)
• CWE-200 - Exposure of Sensitive Information (cwe)
• Technology (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)