Logistics technology firm Pitney Bowes confirmed a data breach after the cybercrime group ShinyHunters leaked 8.2 million email addresses, names, and physical addresses from its Salesforce environment.

Key Points

• Pitney Bowes identified unauthorized access to its Salesforce customer relationship management system on April 9, 2026.
• The breach originated from a phishing attack that compromised a single employee email account.
• Data exposed includes 8.2 million unique email addresses, along with customer names, phone numbers, and physical addresses.
• Pitney Bowes stated that the incident was limited to business customer records and did not impact other internal systems.
• The cybercrime collective ShinyHunters has recently claimed responsibility for attacks on other major organizations, including Rockstar Games and ADT.

Why it Matters

This incident highlights the ongoing vulnerability of enterprise software platforms like Salesforce to targeted phishing attacks that can lead to massive data exposure. As companies increasingly centralize customer information, these breaches pose significant risks to business privacy and supply chain security.