“8.2 million unique email addresses,” Have I Been Pwned confirmed on April 27, a single line that ties Pitney Bowes to the latest claimed pay-or-leak haul by the cybercrime collective known as ShinyHunters.
Have I Been Pwned confirms the scale — 8.2 million unique emails and more
Data breach tracker Have I Been Pwned (HIBP) verified on April 27 that a dataset tied to Pitney Bowes contains 8.2 million unique email addresses. HIBP's verification also notes the inclusion of names, phone numbers and physical addresses in the same dump. A smaller subset of the trove concerned company employment records and included job titles.
ShinyHunters: the group claiming responsibility and its recent run
The data dump has been claimed by ShinyHunters, the cybercrime collective that HIBP and reporters say has been increasingly active in recent weeks. HIBP has tracked and, in multiple cases, verified the group's claims as they emerged. Confirmed cases cited by reporters include Rockstar Games and ADT; the list of organizations ShinyHunters claims to have attacked is materially longer.
During the same period, the group has claimed responsibility for intrusions at Udemy, Carnival Cruises and the Asian Football Confederation, with reporting that the latter allegedly saw tens of thousands of professional footballers' personal information and document scans leaked. Earlier activity attributed to ShinyHunters includes attacks on Match Group and Dutch telco Odido, and the group told The Register in March that it obtained data belonging to nearly 400 companies via a Salesforce breach.
What the alleged Pitney Bowes data contains
The data purportedly tied to Pitney Bowes includes the 8.2 million unique email addresses verified by HIBP, alongside names, phone numbers and physical addresses. The Register reports that employment records were part of the cache in smaller volume, and those records contained job titles for some entries. Those are the elements HIBP and The Register list as present in the dump.
Pitney Bowes' public footprint and the company contact attempts
Pitney Bowes is described in reporting as a US-based logistics technology company that produces franking machines for US postage and shipping software and mailing technologies used in shipping centers. The company claims more than 600,000 clients worldwide and reported $1.9 billion in revenue in 2025. The Register contacted Pitney Bowes for comment; according to that reporting, attempts to reach press-specific email addresses returned bouncebacks, and an investor relations contact was active but did not immediately respond.
What this means for shipping customers, security teams, and affected employees
- Shipping customers and business clients: Organizations that use Pitney Bowes' mailing and shipping technologies will be watching for any formal notification from the company about the scope of exposed customer data, as the reported dataset includes contact details and physical addresses that could affect correspondence and operational contacts.
- Security teams and incident responders at Pitney Bowes and its customers: Teams will need to determine which records are included and whether employer records or job titles create escalation paths for social-engineering attacks; HIBP's confirmation of email addresses, names and phone numbers provides attackers with multiple contact vectors.
- Affected employees and individuals named in the dump: The presence of names, phone numbers and physical addresses — and a smaller set of employment records with job titles — means individuals named in the dataset will likely need to know whether their details were included and whether further steps, such as watching for targeted phishing, are warranted.
This incident places Pitney Bowes among a string of organizations that report and verification services say have been tied to ShinyHunters' recent claims. HIBP's verification on April 27 establishes the presence of large-scale contact data in the dump, while The Register's outreach found press channels momentarily unavailable and an investor relations contact that did not respond immediately. The record assembled by reporting also documents ShinyHunters' prior and concurrent claims — nearly 400 companies via a Salesforce breach, attacks on well-known firms and a string of alleged leaks in the weeks preceding this disclosure.
Whether Pitney Bowes will provide a detailed public account of the incident, confirm remediation steps, and notify affected individuals remains an outstanding question in the reporting. For now, HIBP's confirmation and The Register's reporting place a major mailing-technology vendor at the center of another high-profile claimed leak by a group that investigators and trackers say has been unusually active.
Source: https://go.theregister.com/feed/www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/




