Eastman Kodak Company has confirmed it is investigating a security breach after the ShinyHunters extortion group publicly claimed responsibility for stealing more than 2.2 million records. The threat actors set a June 18 deadline for Kodak to respond before releasing the stolen data, which allegedly includes customer personally identifiable information and internal corporate data. The company acknowledged the incident to multiple security news outlets while emphasizing that the breach was limited in scope.

ShinyHunters has established a pattern of targeting organizations with data theft and extortion rather than traditional ransomware encryption. The group typically makes public claims and sets deadlines to pressure victims into paying before full details emerge. In this case, ShinyHunters has not publicly provided proof of the stolen data, which follows a common extortion playbook where threat actors leverage the fear of data exposure to force negotiations.

Kodak told investigators that an unauthorized third party gained access to a limited amount of company data and that the incident appears to have been contained. The company has brought in external cybersecurity experts to assist with the investigation and has notified law enforcement. The method of initial access remains unknown, though ShinyHunters is known for using social engineering tactics, bribery, and exploiting zero-day vulnerabilities to conduct supply chain attacks.

The company maintains that there is no ongoing threat to its systems or operations, though the investigation continues. Kodak has not yet disclosed the specific number of affected customers or the exact types of data accessed. The breach represents another example of modern extortion tactics that prioritize data theft over system encryption, allowing attackers to maintain leverage without disrupting business operations.

Security experts recommend that Kodak customers immediately change their account passwords and avoid reusing credentials across multiple services. Enabling multi-factor authentication provides an additional security layer that prevents account takeover even if passwords are compromised. Customers should also remain vigilant for phishing attempts, as cybercriminals often exploit post-breach confusion by sending fraudulent communications that appear to come from the affected company. US residents may want to consider placing credit freezes with major credit bureaus and monitoring their accounts for suspicious activity.

Source: https://www.malwarebytes.com/blog/news/2026/06/kodak-confirms-breach-as-shinyhunters-leak-threat-reaches-deadline