After data was leaked from hundreds of The Walt Disney Company employees, the House of Mouse is now heading to court over an official lawsuit filing.
Related: Disney Introduces Enhanced Security Measures: New Entry Policies To Affect Millions of Guests
Disney Sued Over Data Breach Allegations
Walt Disney Co. is facing a class action lawsuit alleging negligence and breach of implied contract following a significant data breach earlier this year. The lawsuit, filed Thursday in Los Angeles County Superior Court by plaintiff Scott Margel, claims that Disney and its theme park, Disney California Adventure, failed to protect sensitive personal information.
The 32-page complaint asserts that Disney violated privacy laws by inadequately preventing and notifying individuals about the breach’s extent. Margel argues that the class members, numbering in the thousands, provided “highly sensitive personal information” to Disney during their employment, which was allegedly compromised in the breach.
Representatives for the House of Mouse did not immediately respond to requests for comment on Friday.
The lawsuit references a September article from the Wall Street Journal, which reported that the hacking group NullBulge publicly released data from Disney that included over 18,800 spreadsheets, 13,000 PDFs, and 44 million internal messages from the workplace communication platform Slack.
Related: Forecasters Issue 48-Hour Warning to All Disney World Guests
The compromised messages reportedly contained sensitive information of Disney cruise employees, such as passport numbers, visa details, birthplaces, and physical addresses. Additionally, some spreadsheets included the names, addresses, and phone numbers of Disney Cruise Line passengers. Following the breach, reports emerged that the House of Mouse planned to discontinue its use of Slack.
According to the complaint, Margel and the class members remain uncertain about the specific data stolen, the type of malware used, and any measures taken to safeguard their personal information in the future. The complaint states, “The plaintiff and class members are, thus, left to speculate as to where their data ended up, who has used it, and for what potentially nefarious purposes.”
In July, the hacking group NullBulge claimed responsibility for leaking approximately 1.2 terabytes of Disney data, criticizing the company’s treatment of artists, its “approach to AI,” and what they called a “pretty blatant disregard for the consumer.”
They stated that the breach was facilitated by “a man with Slack access who had cookies.” In response, a Disney spokesperson confirmed that the company was investigating the incident.
Related: Health Concerns Rise at Disney: Visitors Claim to Catch ‘Worst Illness You Can Imagine’