Kodak has confirmed it is collaborating with external cybersecurity experts to investigate a security breach after hackers accessed some of its data.
Founded in 1880 as the Eastman Kodak Company and based in Rochester, New York, Kodak holds 79,000 patents worldwide and provides products in commercial printing, advanced materials, and chemicals.
A company spokesperson told BleepingComputer that the attackers accessed only a “limited amount” of data and did not respond to a follow-up email asking whether Kodak’s internal network was breached.
“Kodak recently discovered that an unauthorized third party temporarily accessed a limited set of company data. We quickly involved external cybersecurity experts to investigate what data was accessed and copied,” Kodak stated. “We are working with law enforcement and believe there is no threat to our systems or operations. We will provide further updates as needed.”
Although Kodak has not yet confirmed who was responsible for the breach, the ShinyHunters extortion group has claimed responsibility on their dark web leak site. The cybercrime group alleged they stole over 2.2 million records containing customers’ personally identifiable information (PII) and internal corporate data, threatening to release the data on Thursday.
“Over 2.2 million records with customer PII and other internal data were compromised,” they said. “This is a final warning to contact us by June 18, 2026, before we leak the data along with various digital problems that will affect you.”
Kodak has not disclosed how the hackers gained access, but ShinyHunters also claimed to have attacked hundreds of Salesforce customers over the past year, stealing more than 1.5 billion records from Salesforce Aura and Salesloft Drift campaigns. The group is also linked to breaches at over a dozen Snowflake customers and other third-party providers.
READ MORE: Europe frets about U.S. AI as tech world flocks to France for G7, VivaTech
Last week, ShinyHunters claimed responsibility for a new wave of attacks on over 100 organizations, including the University of Nottingham, following data thefts that exploited a zero-day vulnerability in Oracle’s PeopleSoft enterprise software.