Eastman Kodak Company has confirmed that they have been breached by an unauthorized third party that was able to unlawfully obtain temporary access to a cache of company data.
The extortion group, ShinyHunters (which is the same group that famously ransomed the learning management system Canvas, managed by Infrastructure), has targeted the company and claimed to have stolen over 2.2 million records, according to threat intelligence released by Malwarebytes. This dataset includes both customers’ personally identifiable information (PII) and internal corporate data, according to reports.
Kodak’s Response
ShinyHunters sent out a final warning with the deadline of June 18, 2026, threatening to make the full exfiltrated database publicly accessible and create further problems across Kodak’s infrastructure if the demands were not met.
Instead of giving in to the demands or negotiating with the hackers, Kodak declined to meet the ransom. Instead, Kodak opted to internally contain the threat, hire outside cybersecurity specialists, and actively collaborate with law enforcement to investigate the incident in accordance with the enterprise’s risk management framework and federal guidelines in lieu of paying the ransom.
Malwarebytes highlights that extortion groups frequently use public countdowns and threats of data leaks as high-pressure negotiation strategies before the complete facts of an investigation are established. Kodak maintains that the incident was limited in scope, has been actively contained, and poses no ongoing threat to its current systems or operations, even though the group has not yet released conclusive public proof of the stolen 2.2 million records.
Recommended Next Steps
Malwarebytes recommends taking quick, proactive measures to protect your personal information, even though investigators are still figuring out the precise identities of those impacted:
- Update Your Credentials: If you have an account with Kodak, it is highly recommended to immediately change your password. Make sure to update the password on other services where you might have reused the password to help guard against credential-stuffing attacks.
- Enforce Multi-Factor Authentication (MFA): Wherever you have an option, ensure MFA is enabled on your online accounts. If your password is stolen, MFA will be your next best line of defense.
- Stay Vigilant Against Phishing: During the chaos after a corporate breach, cybercriminals often take to the airwaves. Be suspicious of any emails, texts, or phone calls coming your way that reference the Kodak data incident. Extra caution is needed if these messages demand immediate action or ask you to click on suspicious links and hand over financial and personal details.
- Consider a Credit Freeze: If you suspect your data may have been accessed and there’s a risk it could be used to open up unauthorized accounts in your name, the most proactive step you can take is to consider a voluntary credit freeze with each of the three major credit bureaus (Equifax, Experian, and TransUnion).
Looking Forward
As outside forensic teams resolve the disparity between Kodak’s initial description of a limited data exposure and the attacker’s claim of 2.2 million records, expect a period of increased scrutiny going forward.
If the ongoing investigation finds that the affected individuals’ personal data was successfully exfiltrated, they can expect to receive official data breach notifications from Kodak. Additionally, companies using Kodak’s commercial or enterprise services should be on high alert for hyper-targeted phishing campaigns using leaked corporate context in the upcoming weeks, as threat groups shift away from traditional system encryption and heavily concentrate on pure data extortion.
Author References:
About the Author
Carmen Estela is a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate. She recently graduated with a Master’s of Science degree from the University of Central Florida and holds a Bachelor’s degree in Criminology from the University of Florida with certifications in Data Analytics and AI Fundamentals & Applications. She frequently speaks and volunteers at well-known industry gatherings, such as BSides Orlando and BSides Jax, where she offers her perspectives on emerging cyber trends. Carmen is committed to advancing the standards of governance, risk, and compliance within cybersecurity. She has also served as an adult protective investigator, police dispatcher, and legal intern, applying investigative skills across law enforcement, academic, and public service settings.
Reach her online at [email protected].
