Kodak Confirms Data Breach Claimed by ShinyHunters Extortion Group

Kodak has confirmed a security breach after an unauthorized third party gained access to company data. The extortion group ShinyHunters claimed responsibility within hours, posting Kodak on its dark web leak site. ShinyHunters alleges the theft of more than 2.2 million records containing customer information and internal corporate data. The group set a deadline of June 18, 2026, and threatened to publish the stolen files if Kodak does not respond.

This Kodak data breach lands amid one of the busiest extortion seasons ShinyHunters has run to date. Kodak said it is working without side cybersecurity experts and law enforcement to determine the scope of the intrusion. The company has not yet attributed the attack to ShinyHunters or any other group.

What Kodak Has Confirmed So Far

Kodak acknowledged that an unauthorized party gained temporary access to a limited amount of company data. A spokesperson said the access window was short. Current systems and operations face no ongoing threat, the company's statement said.

Kodak did not confirm or deny whether attackers reached its internal network when pressed directly on the question. That gap matters. A limited breach and a network wide compromise carry very different consequences for customers and partners.

The distinction shapes how seriously outside organizations should treat this Kodak data breach until more detail emerges. Kodak said it would share updates "as appropriate" but gave no firm timeline. Investigations of this kind often take weeks to produce a clear picture of what data left the network.

ShinyHunters' Extortion Claim

ShinyHunters listed Kodak on its leak site and claimed to have exfiltrated over 2.2 million records of customer personally identifiable information. The group also claims to hold internal corporate data beyond the customer records. Its posted message set a hard deadline for this Kodak data breach: pay by June 18, 2026, or the data goes public.

The group warned of "several annoying (digital) problems" if Kodak misses the deadline. That language echoes past ShinyHunters extortion notes. None of these figures have been independently verified yet. ShinyHunters has a long track record of using leak site listings as pressure tactics before negotiations conclude.

The claimed record count may shift once Kodak's own investigation finishes. Until Kodak or a third party confirms the scope, the 2.2 million figure should be treated as an allegation rather than a confirmed fact.

A Long Streak of ShinyHunters Incidents

This Kodak data breach extends a long, ongoing streak of attacks tied to ShinyHunters over the past year, fitting a pattern the group has repeated against dozens of other targets. The group ran an extended campaign against Salesforce Experience Cloud sites. It exploited misconfigured guest user permissions to pull customer records without authentication, then claimed over 1.5 billion records stolen through related Salesforce and Salesloft Drift attacks.

ShinyHunters has also been linked to breaches at more than a dozen Snowflake customers. A separate supply chain compromise reached Vimeo through analytics vendor Anodot earlier this year. The group later claimed credit for breaches at over 100 organizations after exploiting a zero-day flaw in Oracle's PeopleSoft software. That list includes the University of Nottingham and Oxford University.

Dental benefits administrator DentaQuest disclosed a breach tied to the same group, exposing millions of records. ShinyHunters has additionally claimed attacks against 7-Eleven and pressured education software vendor Instructure into an agreement to stop a separate data leak.

Each incident follows a familiar pattern. A leak site listing appears first. A stolen record claim and a countdown deadline follow, putting pressure on the victim to negotiate before data goes public. Kodak now sits inside that same pattern, and the outcome depends on how the company responds before Thursday.

What Businesses and Consumers Should Watch For

Organizations that work with Kodak should treat this data breach as an active situation, not a closed incident. Vendor relationships often carry exposure even when a breach gets described as limited. Shared systems and contact databases can extend the blast radius well beyond the named victim.

Consumers whose information may have touched Kodak's systems should watch for phishing attempts that reference this Kodak data breach or the company by name. Extortion groups frequently use stolen contact data to craft convincing follow-on scams once a leak goes public. Anyone contacted unexpectedly about a Kodak account or order should verify the request through Kodak's official channels before responding.

The June 18 deadline leaves a short window for resolution. If ShinyHunters follows its usual pattern, a lack of response from Kodak will likely push the claimed data onto the group's leak site. That would mark the next chapter in a Kodak data breach story that, for now, remains only partly confirmed. It would also add one more entry to an already long list of breaches tied to the gang this year.