Kodak Confirms Data Breach as ShinyHunters Threatens to Leak 2.2 Million Records

An extortion ultimatum past its deadline

Kodak confirmed this week that an unauthorized third party "illegally gained temporary access to a limited amount of company data" after the ShinyHunters extortion group posted the imaging giant on its dark web leak site on June 15, threatening to publish stolen files unless Kodak responded by June 18.bleepingcomputer +1 The group claims to have exfiltrated more than 2.2 million records containing customer personally identifiable information and internal corporate data, though it has not posted proof samples to back up the assertion.cybernews +1

Kodak said it promptly engaged external cybersecurity experts and notified law enforcement, adding that it is "confident the incident was limited in scope and has been contained" and that there is "no threat to our systems or operations."securityweek The company has not formally attributed the intrusion to ShinyHunters, and the exact method of entry remains undisclosed.bleepingcomputer

A threat group on a relentless extortion spree

ShinyHunters has been escalating a sprawling corporate extortion campaign since at least last autumn, pivoting away from ransomware encryption in favor of data theft followed by public leak threats.malwarebytes The group recently claimed breaches at more than 100 organizations by exploiting a zero-day vulnerability in Oracle's PeopleSoft enterprise software, and separately says it siphoned more than 1.5 billion records from misconfigured Salesforce instances.bleepingcomputer +1 In the past week alone, the gang posted Madison Square Garden, Ralph Lauren, JCPenney, Sysco Corporation, and Houston City College alongside Kodak on its leak blog.cybernews

The group is known for social engineering, bribery, and supply-chain attacks, and has been linked to earlier breaches at dozens of Snowflake customers and hundreds of Salesforce users.bleepingcomputer Mandiant researchers have also documented ShinyHunters-linked voice-phishing operations that abuse multi-factor authentication and single sign-on systems to infiltrate SaaS platforms.thehackernews

What Kodak's response signals — and what it leaves open

Kodak's public statement is carefully bounded: it acknowledges access to a "limited" dataset but stops short of confirming the 2.2 million-record figure or specifying what categories of customer data were involved.securityweek +1 Founded in 1880 and headquartered in Rochester, New York, the company reinvented itself after emerging from a 2012 bankruptcy as a business-to-business technology firm spanning commercial digital printing, specialty chemicals, and film.bleepingcomputer

The investigation is ongoing, and Kodak has pledged to share additional updates. Security researchers note that ShinyHunters typically applies pressure through escalating public threats rather than immediately dumping data, using the prospect of a leak to extract payment before any files are released.malwarebytes