Photography company Kodak is investigating a data breach that compromised more than 2 million customer records from its internal systems.
According to its website, Rochester, New York-based Eastman Kodak Company produces commercial print and advanced materials and chemicals. It owns a portfolio of 79,000 patents worldwide, built over more than 130 years of research and development. Eastman Kodak employs more than 3,400 people and reported $1.069 billion in revenue in 2025.
The photography and imaging company disclosed the data breach after an infamous hacking group claimed responsibility and threatened to leak the stolen information on the dark web.
Kodak confirms data breach
Kodak has confirmed that an unauthorized third party temporarily breached its systems and compromised a subset of its data, characterizing the data breach as limited in scope.
“Kodak recently discovered that an unauthorized third party illegally gained access to a limited amount of company data,” the company stated.
Upon learning of the data breach, the photography giant engaged third-party cyber forensics experts and notified the relevant law enforcement authorities.
“We promptly launched an investigation, and external cybersecurity experts were engaged to assist,” it claimed.
Kodak also says it is cooperating with law enforcement authorities to investigate the data breach and will provide more updates when they become available.
Additionally, the electronic and photography giant says the data breach has been resolved and did not affect its operations, thus ruling out a ransomware attack, which typically takes days, weeks, or even months to resolve.
“Although our investigation is ongoing, we are confident the incident was limited in scope and has been contained and that there is no threat to our systems or operations as a result of the incident,” the company said.
Meanwhile, Kodak has not attributed the data breach to any advanced persistent threat actor or disclosed how the attacker gained initial access. Similarly, the company has not disclosed receiving any ransom demands.
“Kodak’s breach shows how extortion groups are putting pressure on companies by turning stolen data into a business disruption risk,” said Michael Centrella, Head of Public Policy at SecurityScorecard. “Even when an organization says there is no threat to systems or operations, the threat of leaking customer PII and internal corporate data can still create legal, reputational, and customer trust consequences. For a legacy brand like Kodak, the issue is not just whether operations continue running, but whether customers and partners can trust that sensitive information is being protected. Companies need to be ready to explain what was accessed, how attackers got in, whether the issue has been contained, and what they are doing to prevent it from happening again.”
ShinyHunters Linked to Kodak Data Breach
On June 16, 2026, the infamous hacking group ShinyHunters claimed responsibility for the Kodak data breach, saying it stole 2.2 million records of personally identifiable information (PII) and internal corporate data.
“Over 2.2 million records containing customer PIl and other internal corporate data was compromised,” the hacking group stated.
“If sensitive data left the environment, the risk does not end once systems are back to normal,” warned John Bruggeman, vCISO, CBTS. “Internal corporate data and personally identifiable information can be used for phishing, impersonation, partner fraud, and follow-on attacks long after the initial access has been contained.
“Also, once sensitive data is leaked the legal work begins. That is not the job of a CISO, but it is something that the CISO at Kodak is going to be working on for the next several months while the damage is assessed and people are notified about the data theft and extortion.”
However, ShinyHunters did not publish data samples to prove it had access to the alleged stolen information. Nevertheless, it gave Kodak until June 18, 2026, to pay an unspecified ransom or have the stolen information published on its dark web data leak site.
“This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that’ll come your way.”
Meanwhile, ShinyHunters has not disclosed how it gained initial access to Kodak’s internal systems. However, the hacking group has previously exploited Salesforce Aura and Salesloft Drift instances to breach hundreds of organizations, including Google.
“The ShinyHunters Group has repeatedly focused on large-scale data theft and extortion, often tied to enterprise platforms and third-party integrations,” added Centrella. “That pattern should be a warning to companies that attackers are not only looking for ransomware opportunities. They are looking for weak access controls and overlooked business systems that can be used to create leverage.
“Companies need to treat data exposure as an operational risk, not just a privacy issue. That includes limiting how much customer and corporate data is accessible from any one system and validating that vendors and integrations are not creating hidden entry points. If attackers can reach valuable data, they do not need to shut down operations to cause damage.”
The hacking group also breached cloud platform Snowflake by stealing authentication tokens after compromising Anadot’s third-party integrations. It also claimed responsibility for breaching Instructure’s learning management platform, Canvas, stealing approximately 280 records from over 8,000 universities, school districts, and other learning platforms.
Other data breaches linked to ShinyHunters include the April 2024 AT&T Wireless data breach, which cost the company $370,000 in ransom. Other victims include Banco Santander, Ticketmaster, PowerSchool, LVMH, Jaguar Land Rover, SoundCloud, Odido, Aura, Rockstar Games, Carnival Cruise, and the University of Nottingham.
