Largest Cyberattack in History Leads to Millions of Disney Guests Having Their Data Stolen, Sold on the Dark Web

in Walt Disney World

The image shows the entrance gate of Walt Disney featuring the iconic Mickey Mouse ears, alongside a graphic of two computer screens with "SYSTEM HACKED" warnings displayed. The composition suggests a cybersecurity breach involving Disney's systems.

Credit: Inside The Magic

Millions of Floridians, including Walt Disney World Resort guests, had their data stolen and sold on the black market. The state is attempting to remedy the situation by notifying everyone whose information was leaked online.

Ron DeSantis in a blue suit and red tie is speaking at a podium with microphones. Behind him are the flags of the United States and Florida. The background includes additional dark-colored flags.
Credit: First Coast News

Florida Begins Warning and Notifying Millions About Stolen Data; Disney Guests on Alert

It’s scary when your information is leaked or stolen online, especially when you are a guest at a central theme park like Walt Disney World Resort and have zero idea about what is happening. According to multiple sources, millions of Floridians, including thousands of Disney parkgoers, had their information leaked online and sold on the black market.

The Florida Department of Health has initiated a notification process for individuals whose personal and medical information was compromised in a recent cyberattack and subsequently exposed on the dark web.

According to an official statement released by the department on Wednesday, affected Floridians receive mailed notifications and are offered complimentary credit monitoring and identity theft protection services.

The breach occurred in June and was orchestrated by the international hacker collective known as RansomHub. The group infiltrated the department’s systems and accessed at least 20,000 files containing confidential information, including HIV test results, signed medical release documents, detailed insurance records, workers’ compensation data, and COVID-19 diagnoses.

A collage showing Mickey Mouse with hands on cheeks, smiling, and a man smiling, with the Disney World entrance sign in the background. The sky is partly cloudy with flags on the archway that reads "The Most Magical Place on Earth.
Credit: Inside The Magic

Despite the hackers’ demands for payment, the state maintained its policy against paying ransoms. In July, the stolen data was made public on the dark web. The department has not disclosed the exact number of individuals affected by the breach.

This cyberattack, considered the most severe in Florida’s history, also led to the temporary shutdown of the state’s online system for issuing birth and death certificates, which remained offline for several weeks.

According to the department’s statement, the breach was detected on June 26, the same day it occurred. The leaked data included patient names, birth dates, Social Security numbers, banking and credit card details, driver’s license and military ID numbers, prescriptions, insurance claims, and passwords.

The Times/Herald reviewed some of the exposed files. It revealed detailed test results, primarily from the Department of Health’s Bureau of Public Health Laboratories, which operates facilities in Jacksonville, Tampa, and Miami.

The Times/Herald reviewed some of the exposed files. It revealed detailed test results, primarily from the Department of Health’s Bureau of Public Health Laboratories, which operates facilities in Jacksonville, Tampa, and Miami.

These labs conduct testing for health departments and hospitals, including screenings for infectious diseases like HIV, hepatitis, and COVID-19. Most records examined pertained to patients and healthcare providers in Broward County, with documents dated between 2023 and 2024.

Split image: Left side features Shrek and Donkey in front of the Universal Studios globe; right side displays Cinderella Castle with Princess Tiana from Disney.
Credit: Inside The Magic

Yes, This Includes WDW Guests

The Florida Department of Health oversees the state’s county health departments and reports to Florida Surgeon General Joseph Ladapo, an appointee of Governor Ron DeSantis. You can also access the following link to check and verify that you are not one of the millions whose data was leaked and sold: https://npd.pentester.com/

The recent cyberattack on the Florida Department of Health has raised concerns among Walt Disney World Resort guests, particularly those whose sensitive health information may have been compromised in the breach.

Given the resort’s proximity to primary healthcare providers and the volume of visitors it attracts, some guests could be among the thousands potentially affected by the leaked data.

Visitors who sought medical attention during their stay at Disney World, especially those who may have used local healthcare facilities for COVID-19 testing or other services, could find their personal information on the dark web.

The breach included sensitive details such as test results, insurance data, and Social Security numbers, raising the risk of identity theft for those impacted. Florida is a top destination for tourists, including millions of Disney World visitors each year, so the scope of the breach has broader implications.

The Florida Department of Health urges anyone who believes they may have been affected to take advantage of the free credit monitoring and identity theft protection services offered and remain vigilant for any signs of fraudulent activity.

Individuals who suspect they may have been affected by the breach are encouraged to contact the Florida Department of Health at 866-997-1602.

in Walt Disney World

View Comment (1)