Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data.
Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000 worldwide patents and provides commercial print, advanced materials, and chemical products.
A company spokesperson told BleepingComputer that attackers only accessed a “limited amount” of data in the incident, but didn’t reply to a subsequent email asking if they breached Kodak’s internal network.
“Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data. We promptly engaged external cybersecurity experts to support an investigation of what data was accessed and copied,” Kodak said.
“We are working with law enforcement and are confident there is no threat to our systems or operations. We will share additional updates as appropriate.”
While the company has yet to attribute this breach, the ShinyHunters extortion group has claimed responsibility on their dark web leak site.
The cybercrime gang said that they allegedly stole over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data and threatened to leak the exfiltrated data on Thursday.
“Over 2.2 million records containing customer PIl and other internal corporate data was compromised,” they said. “This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that’ll come your way.”
Although Kodak has yet to disclose how the threat actors gained access to its systems, ShinyHunters has also claimed attacks against hundreds of Salesforce customers over the past year, saying they’ve stolen over 1.5 billion records in Salesforce Aura and Salesloft Drift campaigns.
ShinyHunters was also linked to security breaches at over a dozen Snowflake customers and various other third-party integration providers.
One week ago, the extortion group also claimed responsibility for a new series of breaches at over 100 organizations(including the University of Nottingham) following data-theft attacks that exploited a zero-day flaw in Oracle’s PeopleSoft enterprise business software suite.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
