Kodak says an intruder accessed a limited amount of company data, while ShinyHunters claims it stole 2.2 million records and plans to leak them June 18.
Kodak said it hired outside cybersecurity experts after an intruder accessed company data, and the ShinyHunters extortion gang claimed credit for the breach.
The Rochester, New York-based company said the attacker gained temporary access to a limited amount of data. Kodak said its team works with law enforcement and sees no threat to its systems or operations.
Kodak has not said whether the attacker entered its internal network, how the intrusion happened, or what data the intruder copied. The company also has not attributed the breach to ShinyHunters.
ShinyHunters posted a Kodak entry on its leak site and claimed it stole more than 2.2 million records, including customer PII and internal corporate data. The group threatened to publish the data Thursday, June 18, 2026.
Kodak provides commercial print, advanced materials, and chemical products. The company traces its roots to Eastman Kodak Co., founded in 1880, and says it holds 79,000 patents worldwide through its long history in imaging and materials.
Security teams should treat the Kodak incident as a data-theft case until Kodak shares more detail. Extortion groups often steal files, customer records, and business data, then use leak sites and deadlines to pressure victims.
ShinyHunters has claimed a series of large data-theft campaigns tied to enterprise software and third-party integrations. The group has linked itself to attacks against Salesforce customers, Snowflake customers, and organizations using Oracle PeopleSoft.
Those claims matter for defenders because attackers often target the places where companies centralize customer data. A single compromised integration, weak token, exposed credential, or unpatched enterprise app can give an attacker access to records across many business units.
Teams using platforms such as Salesforce, Snowflake, and Oracle PeopleSoft should review identity controls, integration permissions, audit logs, and data export activity. Admins should check for new connected apps, stale service accounts, broad API tokens, and unusual bulk downloads.
Kodak customers and partners should watch for follow-up notices from the company. If Kodak confirms exposure of PII, affected users should rotate reused passwords, watch account statements, and treat unexpected messages that reference Kodak business as phishing attempts.
Security teams can reduce exposure by limiting service-account permissions, enforcing multifactor authentication, rotating secrets, and logging bulk data access. They should also test whether endpoint detection, identity monitoring, and SIEM rules catch data staging and exfiltration attempts.
Extortion crews often move faster than legal and incident-response teams can publish updates. Kodak has shared the first facts: an unauthorized party accessed some company data, outside experts joined the investigation, and the company says operations remain unaffected. The next update needs to answer the questions customers care about most: which records left Kodak, whose data appeared in those records, and how attackers gained access.
Comments
Please log in or register to join the discussion