Eastman Kodak has confirmed a cybersecurity incident after the ShinyHunters extortion group posted a threat on its dark web leak site, claiming to have stolen over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data.
The imaging technology giant acknowledged that an unauthorized third party briefly accessed “a limited amount” of company data, though the company has not independently verified the full scope of the threat actor’s claims.
The breach was first observed on June 15, 2026, when ShinyHunters, one of the most prolific cybercrime and extortion groups currently active, listed Kodak on its dark web site.
The group issued a “final warning” demanding the company make contact by June 18, 2026, or face a public leak of the exfiltrated data along with what they described as additional “annoying (digital) problems.”
In a statement provided to the media, Kodak said: “Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data.
We promptly engaged external cybersecurity experts to support an investigation of what data was accessed and copied. We are working with law enforcement and are confident there is no threat to our systems or operations.”
ShinyHunters is a well-documented cybercriminal syndicate with a history of large-scale data theft and extortion campaigns targeting organizations across multiple sectors.
In 2026 alone, the group has claimed responsibility for breaches at Instructure Canvas affecting up to 9,000 educational institutions, Charter Communications (42 million alleged records), and Oracle PeopleSoft customers across more than 100 organizations.
The group typically operates via social engineering and vishing attacks to compromise employee credentials before exfiltrating sensitive data. ShinyHunters has not published any proof samples to validate the scale of the Kodak breach claim.
Kodak has not disclosed which categories of customer PII were accessed, nor has it confirmed whether any formal breach notification obligations have been triggered under applicable data protection regulations. No service disruptions or operational impacts have been reported as of this writing.
The investigation remains ongoing, and Kodak has committed to providing additional updates as circumstances develop.
CISO & Security Leaders: Your next breach may not have a face. Join ISC2’s LIVE webinar, “Ghost in the Machine”
