A California man has pleaded guilty to multiple felony charges stemming from his theft of a staggering terabyte of sensitive data from The Walt Disney Company. Ryan Mitchell Kramer, 25, of Santa Clarita, acknowledged his actions in a federal court in Los Angeles, revealing the extent of the breach that warranted Disney’s decision to discontinue the use of the Slack collaboration platform.
Kramer, under the guise of a fictitious Russian hacktivist group called ‘NullBulge,’ had gained access to the computer of a Disney employee and extracted an array of confidential information, including bank details and personal data. The breach, which took place on July 12, 2024, involved Kramer posting over 1.1 terabytes of data online, raising significant cybersecurity concerns within the entertainment giant. Information leaked included crucial financial figures and sensitive logins related to Disney’s digital platforms like Disney+ and ESPN+.
The incident was first reported by the Wall Street Journal, which outlined how Kramer’s actions led to significant scrutiny of the company’s cybersecurity measures. In a regulatory filing dated August 2024, Disney confirmed the hack yet claimed it did not have a material impact on business operations. In a statement, a Disney spokesperson expressed satisfaction with the outcome: ‘We are pleased that this individual has been charged and has agreed to plead guilty to federal charges. We remain committed to working closely with law enforcement to ensure that cybercriminals are brought to justice.’
Kramer’s method of operation included distributing malicious software disguised as tools for generating artificial intelligence art, which he shared on public platforms such as GitHub. SentinelLabs revealed that he utilized these means to infiltrate computer systems and exfiltrate sensitive data, also posting the information to a Discord channel. Following the breach, reports indicated that Disney would be transitioning to more secure collaboration tools to safeguard against future hacking attempts.