Kodak Confirms Data Breach After ShinyHunters Claims Customer Records Were Stolen

Eastman Kodak has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it stole more than 2.2 million customer and corporate records from the company.

Kodak said an unauthorized third party briefly accessed a limited amount of company data, according to Cybernews. The company said it hired external cybersecurity experts, started an investigation, and is working with law enforcement.

The company has not confirmed the full scope of ShinyHunters’ claim. It also has not disclosed which data categories were accessed, whether customer personally identifiable information was copied, or whether breach notifications will be required.

What Kodak Has Confirmed So Far

Kodak described the incident as temporary unauthorized access to a limited amount of company data. The company also said it has no evidence of a threat to its systems or operations, according to BleepingComputer.

That distinction matters. Kodak has confirmed a security incident, but it has not confirmed that ShinyHunters stole 2.2 million records or that the attackers obtained all the customer and internal data they claim to hold.

ShinyHunters listed Kodak on its dark web leak site and issued a June 18, 2026 deadline for the company to make contact. The group threatened to leak the alleged data if Kodak did not respond.

Detail	Current status
Company	Eastman Kodak
Threat group claim	More than 2.2 million customer and corporate records stolen
Kodak confirmation	Temporary unauthorized access to a limited amount of company data
Operational impact	No reported threat to systems or operations
Proof samples	No public proof samples reported at the time of initial coverage
Investigation	External cybersecurity experts and law enforcement involved

ShinyHunters Claims 2.2 Million Records Were Stolen

ShinyHunters claimed it had stolen customer personally identifiable information and internal corporate data from Kodak. The group did not publish public proof samples to validate the full claim at the time of the initial reports.

Cybernews said the extortion post listed Kodak on the group’s leak site and warned the company to respond before June 18. The claim followed a pattern seen in other ShinyHunters campaigns, where the group names an organization, claims data theft, and uses a public deadline to pressure the victim.

The size of the alleged data theft remains unconfirmed. Until Kodak completes its investigation, the confirmed facts are limited to temporary unauthorized access, a limited amount of company data, and an ongoing forensic review.

Why the Kodak Breach Matters

Kodak is a long-running imaging and technology company with businesses across commercial print, packaging, publishing, manufacturing, and entertainment markets, according to Kodak.

That broad customer and business footprint makes any confirmed data access worth watching, even if the final scope turns out to be smaller than the attackers claim. Corporate data, customer records, vendor records, and internal documents can all create risk if exposed.

Data theft incidents can also trigger follow-on attacks. If criminals obtain names, emails, phone numbers, account details, purchase records, or internal contact lists, they may use them for phishing, fraud, vendor impersonation, or targeted social engineering.

ShinyHunters Has Been Linked to Several Recent Extortion Claims

ShinyHunters has remained active in 2026 with claims against multiple organizations. A recent SecurityWeek report said the group also claimed to have hacked the Council of Europe and stolen nearly 300 GB of data.

The group has also been tied to broader data theft and extortion campaigns. Recent public reporting has linked ShinyHunters to attacks or claims involving education, telecom, enterprise software, and business data platforms.

🚨Cyber Alert Update ‼️

🇺🇸USA – 𝗞𝗼𝗱𝗮𝗸

Kodak confirmed a data breach after unauthorized access to a limited amount of company data. ShinyHunters claimed to have stolen over 2.2 million customer PII and internal corporate records

Threat actor: ShinyHunters
Sector:… pic.twitter.com/vYEAahpftU

— Hackmanac (@H4ckmanac) June 17, 2026

Not every ShinyHunters claim has the same level of public proof at the time it appears. For defenders, the right approach is to separate confirmed company statements from attacker claims and then watch for breach notifications, forensic updates, and data leaks.

What Customers Should Watch For

Kodak has not confirmed which customer data, if any, was exposed. Customers should still stay alert because extortion claims often lead to phishing and impersonation attempts, even before a company completes its investigation.

• Be cautious with emails claiming to be from Kodak support, billing, or account teams.
• Do not open unexpected attachments related to invoices, warranties, orders, or account verification.
• Use official Kodak contact channels before responding to breach-related messages.
• Watch for suspicious password reset emails or account access alerts.
• Monitor payment cards and business accounts if you used them with Kodak services.
• Change reused passwords if the same credentials were used on Kodak-related accounts and other services.

Kodak customers should also wait for direct notifications before assuming their personal data was affected. Public extortion posts often contain exaggerated or incomplete claims.

What Kodak and Investigators Are Likely Reviewing

Forensic teams will likely focus on how the third party gained access, what systems were reachable, what data was viewed, and what data was copied. The investigation will also need to determine whether any regulated personal information was involved.

For a public company, the material impact of a cyber incident can also matter. Kodak’s own SEC filings warn that cyberattacks or other data security incidents could disrupt operations or compromise proprietary or confidential information, according to the company’s 2024 annual report.

If investigators confirm customer data exposure, Kodak may need to notify affected individuals, regulators, business partners, or customers depending on the type of data and the jurisdictions involved.

Investigation question	Why it matters
How did the attacker gain access?	Helps close the entry point and prevent repeat access
What data was accessed?	Determines customer, employee, and corporate risk
Was data copied or only viewed?	Shapes notification and response decisions
Were credentials exposed?	May require password resets and identity monitoring
Did attackers maintain persistence?	Confirms whether systems remain at risk

No System Disruption Has Been Reported

Kodak said there is no threat to its systems or operations, according to BleepingComputer. That suggests the incident is currently being treated as a data access and investigation matter rather than a disruptive ransomware encryption event.

The absence of system disruption does not remove the risk. Data theft extortion can still affect customers and businesses if attackers publish sensitive records or use them for fraud and social engineering.

The company has not said whether the incident will have a material business impact. Kodak’s 2024 annual report notes that cyber incidents involving disruption, unauthorized access, or compromise of confidential information could negatively affect the company.

What Happens Next

Kodak’s investigation will decide the next steps. The company needs to confirm what was accessed, whether any data was copied, whether the incident connects directly to ShinyHunters’ claim, and whether affected people need to be notified.

SecurityWeek’s recent reporting on ShinyHunters activity shows that the group continues to use public leak-site pressure against organizations. That makes timing important, because attackers may release proof samples or full datasets if extortion talks fail.

Kodak customers and partners should rely on direct company notifications, official support channels, and trusted security reporting. The confirmed incident is real, but the scale of ShinyHunters’ 2.2 million-record claim remains unconfirmed.

FAQ