Kodak has confirmed that it suffered a data breach after the ShinyHunters extortion group claimed to have stolen millions of records from the company.
The photography giant acknowledged that an unauthorized party accessed parts of its network and obtained company data, confirming key aspects of claims previously made by the cybercriminal group. The disclosure comes days after ShinyHunters listed Kodak on its dark web leak site and threatened to publish the stolen information.
According to Kodak, the incident involved unauthorized access to a legacy business environment. The company said it launched an investigation immediately after discovering suspicious activity and has since engaged external cybersecurity specialists to assess the scope of the breach.
While Kodak has not publicly disclosed the exact number of affected records, ShinyHunters claims the breach exposed more than 2.2 million records containing customer and corporate information. The company has not verified the attackers’ figures.
The hackers allege that the stolen data includes customer details, internal documents, and business records. Security researchers who reviewed samples of the leaked material reported finding information that appeared to be connected to Kodak operations, although the complete dataset has not been independently verified.
Kodak said the investigation remains ongoing and that it is working to determine exactly what information was accessed. The company has also notified relevant authorities and is assessing potential obligations related to affected individuals.
The breach marks another high-profile claim linked to ShinyHunters, one of the most active extortion groups currently operating. The gang has been connected to numerous data theft incidents targeting major organizations worldwide and typically relies on stolen data rather than traditional ransomware encryption to pressure victims.
Instead of locking systems, ShinyHunters commonly exfiltrates sensitive information and threatens to publish it unless victims agree to negotiate. The tactic has become increasingly common among cybercriminal groups as organizations improve their ability to recover from ransomware attacks.
Kodak stated that its core business operations continue to function normally and that there is no indication the incident disrupted manufacturing or customer-facing services.
The company has not disclosed whether it has received a ransom demand or engaged in any communication with the attackers.