Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed a security breach after the ShinyHunters extortion gang claimed to have stolen over 2.2 million records containing customer PII and internal corporate data.
Kodak has confirmed that it is working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. The incident came to light after the ShinyHunters extortion gang claimed responsibility on their dark web leak site, threatening to leak the stolen data if a ransom is not paid.
Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak holds 79,000 worldwide patents and provides commercial print, advanced materials, and chemical products. A company spokesperson told BleepingComputer that attackers only accessed a "limited amount" of data in the incident, but did not reply to a subsequent email asking if they breached Kodak's internal network.
"Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data. We promptly engaged external cybersecurity experts to support an investigation of what data was accessed and copied," Kodak said. "We are working with law enforcement and are confident there is no threat to our systems or operations. We will share additional updates as appropriate."
While the company has yet to attribute this breach, the ShinyHunters extortion group has claimed responsibility on their dark web leak site. The cybercrime gang said that they allegedly stole over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data and threatened to leak the exfiltrated data on Thursday. "Over 2.2 million records containing customer PII and other internal corporate data was compromised," they said. "This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that'll come your way."
Although Kodak has yet to disclose how the threat actors gained access to its systems, ShinyHunters has also claimed attacks against hundreds of Salesforce customers over the past year, saying they've stolen over 1.5 billion records in Salesforce Aura and Salesloft Drift campaigns. ShinyHunters was also linked to security breaches at over a dozen Snowflake customers and various other third-party integration providers.
One week ago, the extortion group also claimed responsibility for a new series of breaches at over 100 organizations (including the University of Nottingham) following data-theft attacks that exploited a zero-day flaw in Oracle's PeopleSoft enterprise business software suite. The Kodak breach adds to a growing list of high-profile victims targeted by ShinyHunters, which has become one of the most prolific extortion groups in recent years.
The breach exposes Kodak to potential data leaks and operational disruption, as well as reputational damage. With the deadline set for June 18, 2026, the company faces pressure to respond to the extortion demands or risk having sensitive customer and corporate data published online. The incident underscores the persistent threat posed by extortion gangs that target both large enterprises and public institutions.
In a statement provided to the media, Kodak confirmed that an unauthorized third party briefly accessed a limited amount of company data and has engaged external cybersecurity experts and law enforcement. The company added that there is no threat to its systems or operations, though it has not independently verified ShinyHunters' claim of over 2.2 million records. The ShinyHunters group has set a June 18 deadline for Kodak to respond or face a public leak of the exfiltrated data.