Pitney Bowes has confirmed to CyberInsider that it suffered a cybersecurity incident involving unauthorized access to customer data stored in its Salesforce environment.
This admission follows claims by the ShinyHunters extortion group that it has stolen over 25 million records.
While the company acknowledges the breach, it disputes that sensitive personal data was exposed.
Pitney Bowes is a long-established US-based technology company specializing in shipping, mailing, and financial services solutions, serving enterprise clients globally, and processes significant volumes of customer and logistics data.
The incident was identified on April 9, according to a statement shared with CyberInsider by a company spokesperson, who said the intrusion stemmed from a compromised employee email account. “On April 9, we identified unauthorized access to certain records in our Salesforce customer relationship management environment. The access occurred the previous evening and resulted from a phishing attack that compromised an employee’s email account,” the spokesperson said.
Pitney Bowes stated that it acted quickly to contain the breach by revoking access and securing the affected systems. “We immediately secured the environment, revoked the compromised access, and engaged leading cybersecurity experts and law enforcement to support our investigation,” the company added. The exposed data relates to business customer accounts and contact records, with the firm noting that “our investigation has found no evidence that the activity extended into other Pitney Bowes systems, and no indication that sensitive personal data was accessed.”
ShinyHunters is a well-known cybercrime group linked to numerous high-profile data breaches involving cloud services and SaaS platforms, often leveraging stolen credentials and social engineering techniques to gain initial access. Their operations typically involve data theft followed by extortion attempts, threatening public release if victims refuse to pay.
The threat group listed Pitney Bowes on its extortion portal last week, claiming to possess a large dataset allegedly exfiltrated from the company’s Salesforce instance. The threat actor claimed to be holding over 25 million records containing personally identifiable information (PII). After failure to negotiate a ransom payment, ShinyHunters leaked all data on the extortion portal, which is now freely downloadable.
The company acknowledged the extortion claims, stating: “We are aware of claims made by a threat actor regarding the potential release of data. We are actively investigating these claims in coordination with cybersecurity experts and law enforcement and will continue to monitor for any evidence of data exposure.” It also confirmed that affected business customers have been notified directly.
Meanwhile, following the leak of the data, alerting service Have I Been Pwned (HIBP) added it to its platform, confirming that it contains 8.2 million unique email addresses. Roughly half of those were already present on HIBP from previous incidents, so a significant amount is freshly leaked data.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
