Unauthorized Third Party Breach at Eastman Kodak Company
Eastman Kodak Company has officially confirmed that they were the target of a breach by an unauthorized third party who gained temporary access to a cache of company data unlawfully.
The group responsible for this breach, ShinyHunters, known for their ransom of the Canvas learning management system, managed by Infrastructure, has claimed to have accessed over 2.2 million records from Kodak, as reported by threat intelligence from Malwarebytes. This dataset includes both customers’ personally identifiable information (PII) and internal corporate data.
Kodak’s Response to the Breach
In response to the breach, ShinyHunters issued a final warning with a deadline of June 18, 2026, threatening to make the entire database public and cause further disruptions across Kodak’s infrastructure if their demands were not met.
Rather than giving in to the demands or negotiating with the hackers, Kodak chose not to pay the ransom. Instead, the company decided to contain the threat internally, engage external cybersecurity experts, and collaborate with law enforcement to investigate the incident within the framework of their risk management policies and federal guidelines.
According to Malwarebytes, extortion groups often use public countdowns and threats of data leaks as tactics to pressure organizations before all the facts of an investigation are known. Kodak maintains that the breach was limited in scope, contained, and does not pose an ongoing threat to their systems or operations, despite the lack of conclusive public evidence of the stolen records.
Recommended Steps for Affected Individuals
Malwarebytes recommends taking immediate proactive measures to safeguard personal information, even as the investigation into the breach continues:
- Update Your Credentials: If you have a Kodak account, it is advised to change your password immediately. Additionally, update passwords on other accounts where the same password was used to prevent credential-stuffing attacks.
- Enable Multi-Factor Authentication (MFA): Wherever possible, activate MFA on your online accounts. In the event of a password compromise, MFA provides an added layer of security.
- Stay Alert for Phishing Attempts: Following a breach, cybercriminals may attempt phishing attacks. Be cautious of emails, texts, or calls related to the Kodak breach, especially those demanding immediate action or sensitive information.
- Consider Credit Freeze: If there is a risk of unauthorized account opening using your data, consider placing a credit freeze with major credit bureaus (Equifax, Experian, TransUnion) as a proactive measure.
Future Implications
As external forensic teams work to reconcile the discrepancy between Kodak’s initial assessment of the breach and the attacker’s claim of 2.2 million records, a period of heightened scrutiny is expected. Should the investigation confirm the unauthorized access of personal data, affected individuals can anticipate official breach notifications from Kodak. Businesses using Kodak services should remain vigilant for targeted phishing campaigns leveraging leaked corporate information in the coming weeks.
About the Author
Carmen Estela, a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate, holds a Master’s degree in Science from the University of Central Florida and a Bachelor’s degree in Criminology from the University of Florida. With certifications in Data Analytics and AI Fundamentals & Applications, Carmen actively participates in industry events like BSides Orlando and BSides Jax, sharing insights on emerging cyber trends. Her focus on enhancing governance, risk, and compliance standards in cybersecurity stems from diverse roles in adult protective investigation, law enforcement, and legal internships.
Contact Carmen via email at [email protected]
