Shipping Giant Pitney Bowes’ Services Stalled by Ransomware Attack

The company, which serves over 1.5 million clients, has been able to get some services back online but is still working to address the damage.

• By Haley Samsel
• Oct 16, 2019

Mailing services company Pitney Bowes, which handles shipping technology for more than 1.5 million clients around the globe, was hit with a ransomware attack on Monday.

The company acknowledged on Monday that the malware attack, which encrypted information on its computer systems, had disrupted customer access to some of its services. In a statement, Pitney Bowes said it had hired a third-party consultant to help them address the problem.

“We apologize for any disruption to your systems,” the shipping giant posted on Twitter. “We are working to restore affected systems.”

On Tuesday, the company said it has seen “no evidence” that customer or employee data has been “improperly accessed,” ruling out the possibility of a data breach so far. The attack appears to have affected customers’ ability to upload funds to their postage meters in order to pay for and print postage. Customers were complaining of issues on Twitter through Tuesday afternoon.

“If you have funds loaded you are able to print postage,” Pitney Bowes wrote in an update on its website. “Restoring your meter’s postage refill capability is our highest priority.”

In addition, Pitney Bowes’ commerce services were hit by the attack, affecting their ability to properly sort packages. Though the company says it is now moving delivery parcels through its network again, it is still working to address issues with fulfillment.

“Fulfillment has been more complex to solve, and we have begun to restart facilities,” the company wrote, adding that further updates will follow.

Read More: FBI Warns Businesses and Organizations of Rising “High-Impact” Ransomware Threat

Stuart Reed, a cybersecurity expert and vice president at the British cybersecurity firm Nominet, said that the Pitney Bowes attack could be an example of companies failing to address the threat of malicious actors.

“Despite daily headlines of companies being breached, two thirds of C-suite executives admit to having knowledge gaps about ransomware,” Reed said, citing a study conducted by Nominet. “Consequently, this begs the question whether enough is being done to prevent ransomware.”

Reed added: “IT teams also need to ensure that system patches are kept up to date and backups put in place. Only with this layered approach to security, combined with understanding and buy-in from the C-Suite, will ransomware attack numbers begin to subside.”