Allegedly stolen Pitney Bowes data leaked by ShinyHunters

April 30, 2026

Two years ago shipping services company Pitney Bowes was hit by a repeat ransomware attack by the Maze group. Today’s columnist, James Campbell of Cado Security, offers strategies for companies to prepare for repeat ransomware attacks. (Credit: JR James Slide Collection)

(Credit: JR James Slide Collection)

U.S. logistics technology firm Pitney Bowes had data purportedly stolen from its systems exposed by the ShinyHunters extortion group as part of its pay-or-leak attack spree, The Register reports.

The breach has been affirmed by Have I Been Pwned, which noted the inclusion of 8.2 million unique email addresses, physical addresses, names, and phone numbers in the leaked dataset. A portion of the database was said to include job titles and other company employment records. Pitney Bowes, which reported $1.9 billion in revenue in 2025 and over 600,000 customers worldwide, has yet to acknowledge the incident.

Such a development comes as ShinyHunters took responsibility for a string of attacks against Udemy, the Asian Football Confederation, and Carnival Cruises during the past week. ShinyHunters was already confirmed to have compromised Match Group, Odido, ADT, and Rockstar Games. The group also reportedly stole data from almost 400 companies in a Salesforce-linked breach.

SC Staff

Oracle Corporation location. Oracle offers technology and cloud based solutions II

Data Security

ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks

SC StaffJune 10, 2026

The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a "gadget chain," to target both cloud and on-premises Oracle PeopleSoft instances.