The Register contacted Pitney Bowes for more information. Attempts to reach its press-specific email addresses led to bouncebacks. Its investor relations contact is active, but did not immediately respond to our request.

Pitney Bowes may not be a household name, but it's a substantial US-based tech firm producing shipping software and mailing technologies used in everyday shipping centers. The company claims more than 600,000 clients worldwide and posted $1.9 billion in revenue in 2025.

ShinyHunters has been on a tear in recent weeks, with HIBP tracking and verifying the group's claims as they land.

Confirmed cases include Grand Theft Auto developer Rockstar Games and physical security giant ADT, while the list of companies it claims to have attacked is considerably longer.

In just the past week, the cybercrime collective has claimed responsibility for attacks on the likes of Udemy, Carnival Cruises, and the Asian Football Confederation, allegedly leaking tens of thousands of professional footballers' personal information and document scans.

The Register asked the Asian Football Confederation for comment yesterday, though it has yet to respond.

Prior to the latest wave of breaches, ShinyHunters was also behind the attacks on Match Group and Dutch telco Odido. 

The group also told The Register in March that it accessed the data belonging to nearly 400 companies via a Salesforce breach. 

Some of you may remember that ShinyHunters was also (partly) behind the sprawling attacks on Salesloft Drift last year – as it worked in tandem with other crime crews as Scattered Lapsus$ Hunters – and hundreds more Salesforce customers later in 2025. ®

Updated to add on April 29, 2026:

Pitney Bowes told The Register it had "identified unauthorized access to certain records in our Salesforce customer relationship management environment," on April 9th. It said the intrusion happened the night before and "resulted from a phishing attack that compromised an employee email account."

The org told us: "We immediately secured the environment, revoked the compromised access, and engaged leading cybersecurity experts and law enforcement to support our investigation."

It confirmed: "The affected records relate to business customer accounts and contacts. Our investigation has found no evidence that the activity extended into other Pitney Bowes systems, and no indication that sensitive personal data was accessed. We have notified affected business customers directly."

Referring to the Shiny Hunters threats, it said: "We are aware of claims made by a threat actor regarding the potential release of data. We are actively investigating these claims in coordination with cybersecurity experts and law enforcement and will continue to monitor for any evidence of data exposure.

"We have implemented additional access controls, expanded monitoring, and are conducting targeted employee training. We will update our customers on material developments as the investigation continues."