Eastman Kodak has confirmed a cybersecurity incident after the notorious ShinyHunters extortion group posted a threat on its dark web leak site, claiming to have stolen over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data.

The imaging technology giant acknowledged that an unauthorized third party briefly accessed “a limited amount” of company data, though Kodak has not independently verified the full scope of the threat actor’s claims.

The breach was first observed on June 15, 2026, when ShinyHunters, one of the most prolific cybercrime and extortion groups currently active, listed Kodak on its dark web leak site.

Kodak Confirms Data Breach

The group issued a “final warning” demanding the company make contact by June 18, 2026, or face a public release of the exfiltrated data along with what they described as additional “annoying (digital) problems.”

In a statement provided to the media, Kodak said: “Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data.

We promptly engaged external cybersecurity experts to support an investigation of what data was accessed and copied. We are working with law enforcement and are confident there is no threat to our systems or operations.”

Cyber Alert Update

USA – 𝗞𝗼𝗱𝗮𝗸

Kodak confirmed a data breach after unauthorized access to a limited amount of company data. ShinyHunters claimed to have stolen over 2.2 million customer PII and internal corporate records

Threat actor: ShinyHunters
Sector:… pic.twitter.com/vYEAahpftU

— Hackmanac (@H4ckmanac) June 17, 2026

The company has not disclosed which specific categories of customer PII were accessed, nor has it confirmed whether formal breach notification obligations have been triggered under applicable data protection regulations. No service disruptions or operational impacts have been reported as of this writing.

ShinyHunters is a well-documented cybercriminal syndicate with a history of large-scale data theft and extortion campaigns targeting organizations across multiple sectors.

The group typically operates through social engineering and vishing attacks to compromise employee credentials before mass-exfiltrating sensitive data. In 2026 alone, the group has claimed responsibility for several high-profile breaches.

These include an attack on Instructure Canvas affecting up to 9,000 educational institutions, a breach at Charter Communications involving approximately 42 million alleged records, and a compromise of Oracle PeopleSoft customers spanning more than 100 organizations.

Despite the scale of the Kodak claim, ShinyHunters has not published any proof samples or data previews to validate the alleged 2.2 million record figure a pressure tactic the group has deployed in past campaigns to compel victim organizations into paying.

Kodak has committed to working with external cybersecurity experts and law enforcement as the investigation continues.

According to CSN, the company has not yet confirmed whether the breach triggers notification requirements under regulations such as GDPR, CCPA, or applicable U.S. state data breach laws.

Given ShinyHunters’ documented track record of following through on public data leaks when extortion demands go unmet, the June 18 deadline places significant urgency on Kodak’s response.

Security researchers and threat intelligence analysts will be closely monitoring the group’s leak site for any data publication in the coming days. Kodak has stated it will provide additional updates as the investigation develops.

CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine”

The post Kodak Confirms Data Breach After ShinyHunters Claims Customer Data Theft appeared first on Cyber Security News.

DragonForce is the first ransomware operator to use this technique that was discovered last year.

Hackers claim they stole 1.3TB of Novo Nordisk data, including clinical trial and AI model information, after issuing a $25 million demand.

The post Ozempic Maker Novo Nordisk Confirms Security Incident After $25M Hacker Demand appeared first on TechRepublic.

The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023. The group provides affiliates with ransomware tools and supporting services in exchange for a share of ransom payments. First known abuse of Microsoft Teams TURN infrastructure “Backdoor.Turn obtains an anonymous Teams visitor token from … More →

The post Cybercriminals mask malicious communications through Microsoft Teams relays appeared first on Help Net Security.

A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website