A Disney Cruise Line Data Breach reportedly exposed a significant amount of data, including employee information, revenue, and more.
At a Glance
- Leaked Disney data reportedly included financial and strategy information, as well as personally identifiable information of staff and customers.
- The leak involved over a terabyte of data from Disney’s communication systems.
- Personal data leaked included passport numbers, visa details, addresses, and place of birth of staff on Disney cruises.
- The leaked files contained detailed revenue information for Disney+ and ESPN+, among other sensitive data.
Extensive Amounts of Sensitive Data Allegedly Exposed
Earlier this summer, a significant data breach from Disney Cruise Line reportedly exposed a considerable amount of sensitive information. The Wall Street Journal reported that in August, Disney revealed to investors that the leak involved over one terabyte of data from a Disney communication system.
According to new information from the outlet, this breach involved data ranging from passport numbers and visa details to addresses and places of birth of staff members on Disney cruises. Moreover, it also allegedly contained a spreadsheet with the names, addresses, and phone numbers of Disney Cruise Line passengers.
The personal details of Disney’s employees and customers were reportedly part of the data breach. The situation involving these sensitive documents underscores the challenges companies face today in securing such data.
Data from Disney that a hacking entity calling itself Nullbulge leaked earlier this summer includes details about streaming revenue, park pricing and some Disney cruise staff and customers https://t.co/LUnrEffRJK https://t.co/LUnrEffRJK
— The Wall Street Journal (@WSJ) September 5, 2024
Financial and Strategic Secrets
Alongside personal data, the leaked files also reportedly revealed significant financial and strategic secrets of Disney. This includes detailed revenue figures for Disney+ and ESPN+, park pricing offers, and login credentials for Disney’s cloud infrastructure.
The Wall Street Journal reported that it reviewed files related to the breach but clarified it did not try to access Disney’s systems. A spokesperson, however, reportedly told the Journal, “We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor’s illegal activity.”
The breach did not stop at financial details, per the outlet; it also involved more than 44 million messages from Disney’s Slack communications tool. These messages reportedly included computer code, details about unreleased projects, and internal spreadsheets detailing revenue from Disney’s Genie+ theme park passes.
Unprecedented Scale and Impact
The hacking group known as NullBulge is believed to be responsible for the data leak, uploading over a terabyte of data in July. This act has provided cyber-criminals with information that could severely damage Disney’s financial and strategic interests.
The cyberattack on Disney’s internal communication platforms, including Slack, involved up to 10,000 channels. This leak included internal conversations dating back to 2019 about job applicants, projects, employee programs, website development, and ad campaigns.
Sources
- Leaked Disney Data Reveals Financial and Strategy Secrets
- Leaked Disney data reveals financial and strategy secrets, WSJ reports
- Leaked Disney data from hacking scandal includes company secrets, internal Slack messages and revenue figures: report