Credit: Inside The MagicThousands of Disney employees’ data was breached and leaked, and a group has taken responsibility as the House of Mouse begins its investigation into the massive spill. The Walt Disney Company has yet to specify if this relates to Walt Disney World, Disney Plus, Disney Park, or District employees of the House of Mouse.
Related: Disney is on Project 2025’s List of Companies That Need to Change the Way They Do Business
Investigation Finds That Group Did a Massive Disney Data Breach
According to Deadline, ten years after a devastating cyberattack on Sony Pictures, Disney announced Monday that it is investigating a reported hack of its internal Slack workplace messages by a group calling itself Nullbulge. “Disney is investigating this matter,” a company spokesperson told Deadline regarding the hack, first reported by the Wall Street Journal. The breach includes data from thousands of Slack channels at the media and entertainment giant.
The Nullbulge website, under a header labeled “Disney Internal Slack,” claimed to have hacked “almost 10,000 channels, every message and file possible.” The site added, “Unreleased projects, raw images and code, some logins, links to internal API/web pages, and more! Have fun sifting through it; there is a lot there.” The Wall Street Journal reported that it could not immediately verify the group’s claims about the documents’ scope or how they were obtained.
The material viewed by the publication dates back to 2019 and included conversations about maintaining Disney’s corporate website, assessments of employment candidates, programs for emerging leaders within ESPN, and photos of employees’ dogs. Nullbulge has posted screenshots of the documents online. The group told the Wall Street Journal it targeted Disney “due to how it handles artist contracts, its approach to AI, and its … pretty blatant disregard for the consumer.”
Related: Report: Disney Has No Future Without Children
What This Means Next for the House of Mouse and Its Employees
The group’s website added, “Consider the dropping of literally every bit of personal info you have, from logins to credit cards to SSN, as a warning for people in the future.” The hacker group claimed it had breached the information by compromising the computer of a Disney software development manager. This incident is reminiscent of the 2014 hack by agents linked to North Korea at Sony Pictures.
That attack created chaos by damaging the company’s internal systems, paralyzing phones, email services, and computers, and publicly releasing thousands of email messages, some of which involved embarrassing exchanges with the studio’s then-co-chair Amy Pascal, who stepped down several months later. The reported data breach involving Disney’s internal Slack messages by the hacker group Nullbulge has several significant implications for Disney and its employees.
The breach of almost 10,000 channels may include sensitive information such as unreleased projects, raw images, code, logins, and personal details. This exposure can lead to employee privacy violations and potentially compromised company operations. Leaked internal communications and project details can disrupt ongoing projects and strategic plans. It might cause delays, necessitate reworks, or lead to scrapping sensitive projects that have been publicly exposed.
Disney will likely continue its investigation to determine the full extent of the breach and how it occurred. The company must mitigate the impact by securing compromised systems, changing passwords, and possibly enhancing its cybersecurity measures. Disney may pursue legal action against the hacker group Nullbulge if they can be identified.
Disney may need to notify affected employees and offer support services such as credit monitoring and identity theft protection to mitigate the personal impact of the breach. Disney might issue public statements to manage reputation damage, providing transparency about the steps to address the violation and prevent future incidents. They might also engage in proactive PR campaigns to rebuild trust.
Internal policies regarding data handling, communication, and cybersecurity may be reviewed and revised to prevent similar incidents in the future. The data breach at Disney is a severe incident highlighting the importance of robust cybersecurity measures in protecting sensitive information. The company must take comprehensive steps to address the breach, support affected employees, and strengthen its defenses against future cyber threats.