Kodak confirms breach following claims 2.2M records stolen

GaryPageau ,

Eastman Kodak Co. has confirmed a data breach after threat actors claimed to have stolen 2.2 million records, including internal corporate data and the personally identifiable information (PII) of customers, according to Security Magazine. The group ShinyHunters has claimed responsibility for the attack. While it is currently unknown how Kodak’s systems were breached, ShinyHunters has gone on a spree of Salesforce compromises in recent months, including the breach against Instructure, the parent company of Canvas

“The ShinyHunters Group has repeatedly focused on large-scale data theft and extortion, often tied to enterprise platforms and third-party integrations,” says Michael Centrella, Head of Public Policy at SecurityScorecard. “That pattern should be a warning to companies that attackers are not only looking for ransomware opportunities. They are looking for weak access controls and overlooked business systems that can be used to create leverage. Companies need to treat data exposure as an operational risk, not just a privacy issue. That includes limiting how much customer and corporate data is accessible from any one system and validating that vendors and integrations are not creating hidden entry points. If attackers can reach valuable data, they do not need to shut down operations to cause damage.”

ShinyHunters has threatened to leak the data if the organization does not reach out by June 18. 

A spokesperson from Kodak told Security magazine, “Kodak recently discovered that an unauthorized third party illegally gained access to a limited amount of company data. We promptly launched an investigation, and external cybersecurity experts were engaged to assist. Although our investigation is ongoing, we are confident the incident was limited in scope and has been contained, and that there is no threat to our systems or operations as a result of the incident. We have also notified law enforcement and are continuing to support their investigation. We will share additional updates as appropriate.”

Written by 

Gary Pageau is principal of InfoCircle LLC, continuing his marketing communications career. InfoCircle LLC is a marketing and communications consulting firm, specializing in business-to-business markets. For nearly 25 years, he was with PMA International, serving most recently as Publisher, Content Development and Strategic Initiatives. His primary responsibilities included overseeing the Association’s editorial department, marketing research unit, education and corporate relations department.