Eastman Kodak confirmed this week that an unauthorized third party gained temporary access to a portion of the company’s data. The disclosure came after the ShinyHunters extortion group posted Kodak on its dark web leak site and threatened to publish stolen records.
What ShinyHunters Claims to Have
According to ShinyHunters’ listing on their leak site, the breach involves more than 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. The group gave Kodak until June 18, 2026 to make contact before they would release the data along with what they described as “several annoying digital problems.”
BleepingComputer first reported the story on June 17. A Kodak spokesperson told the outlet that the company “promptly engaged external cybersecurity experts” to investigate what data was accessed and copied.
Kodak’s Response
“Kodak recently discovered that an unauthorized third party illegally gained temporary access to a limited amount of company data,” the company said in a statement. “We are working with law enforcement and are confident there is no threat to our systems or operations.”
Notably, Kodak did not specify whether the attackers breached the company’s internal network or gained access through a third-party integration. The spokesperson did not respond to follow-up questions about the attack vector.
The company, founded in 1880 and headquartered in Rochester, New York, holds 79,000 patents worldwide and provides commercial print, advanced materials, and chemical products. A breach of this scale could expose customer information for businesses that rely on Kodak’s industrial printing and chemical supply services.
Who Are ShinyHunters?
ShinyHunters is a prolific cybercrime group that has been active since at least 2020. They specialize in breaching companies through third-party SaaS integrations and then extorting victims with threats of data publication.
In the past year alone, the group has:
- Claimed attacks on over 100 Salesforce customers, alleging they stole more than 1.5 billion records through the Aura and Salesloft Drift integrations
- Linked to breaches at over a dozen Snowflake customers in a broader campaign targeting cloud data warehouses
- Claimed responsibility for a new series of breaches exploiting a zero-day flaw in Oracle’s PeopleSoft enterprise software, affecting organizations including the University of Nottingham
The Kodak breach fits ShinyHunters’ pattern of targeting established enterprises rather than startups or small businesses. Their leverage comes from the reputational damage of exposing data from companies with century-long brand histories.
The Third-Party Risk Problem
ShinyHunters has become a case study in third-party supply chain risk. Their repeated success through Salesforce, Snowflake, and Oracle integrations highlights how a single vulnerability in a widely used platform can cascade across hundreds of organizations.
The Verizon 2026 Data Breach Investigations Report, released earlier this year, found that third-party compromises were a factor in roughly 16% of all breaches, up from 9% the previous year. ShinyHunters has been a significant driver of that increase.
What Kodak Customers Should Do
Kodak has not yet specified what types of customer data were exposed. Until the investigation concludes, affected individuals should monitor their accounts for unusual activity, enable multi-factor authentication where available, and watch for follow-up communications from Kodak about the breach scope.
Law enforcement involvement suggests this may progress to criminal charges. The FBI and Europol have both previously targeted ShinyHunters members, though the group has proven resilient to takedowns by operating across multiple jurisdictions.
Kodak says it will share “additional updates as appropriate,” but has not provided a timeline for when customers can expect more details about which records were accessed.
