Global imaging and technology giant Kodak has officially confirmed that it is investigating a cybersecurity incident after hackers gained unauthorized access to portions of its internal data. The company stated that it has engaged external cybersecurity experts and is actively working with law enforcement agencies to determine the exact scope and impact of the breach.
Kodak, founded in 1888 as the Eastman Kodak Company and headquartered in Rochester, New York, currently operates as a business-to-business provider in commercial printing, advanced materials, and chemical manufacturing. The company also holds a vast intellectual property portfolio, with more than 79,000 patents globally.
In an official statement, Kodak acknowledged that it recently discovered an unauthorized party had illegally gained temporary access to a limited amount of company data. The company clarified that the intrusion was brief and that only a restricted set of information was compromised. Kodak has not yet disclosed technical details regarding how the attackers initially bypassed its digital security perimeter.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The ShinyHunters Ransomware Ultimatum
While Kodak has maintained that the data access was strictly limited, the prolific cybercrime cartel known as ShinyHunters has claimed full responsibility for the intrusion. The extortion group added Kodak to its Tor-based dark web leak repository, issuing an aggressive “pay or leak” ultimatum to the company.
The threat actors explicitly warned Kodak to establish communication channels by June 18, 2026, threatening to release the exfiltrated cache publicly alongside what they described as a series of downstream digital complications if their demands are ignored.
According to claims published on the group’s extortion portal, the stolen database consists of more than 2.2 million files. The hackers allege that this repository contains sensitive customer Personally Identifiable Information (PII) along with confidential internal corporate records. At this stage, forensic analysts note that ShinyHunters has not published file samples or data proofs to substantiate the massive volume of records claimed in the breach.
The Wider Enterprise Targeting Campaign
The attack on Kodak is part of an aggressive, multi-month hacking campaign orchestrated by ShinyHunters targeting high-profile corporate entities globally. Security researchers tracking the syndicate have linked their recent operations to large-scale data exfiltration loops exploiting misconfigured cloud databases and identity layers.
The infrastructure threat tracking data highlights that the group frequently leverages highly targeted identity-centric tactics to compromise enterprise environments. Security analysts have observed the syndicate increasingly leaning toward identity layer exploitation, utilizing coordinated voice phishing and multi-factor authentication (MFA) manipulation loops to bypass standard access controls.
Additionally, the threat actors aggressively exploit severe cloud architecture weaknesses. They focus primarily on target-focused exploits that pinpoint vulnerabilities inside misconfigured enterprise applications and software-as-a-service (SaaS) platforms. Through these combined digital entry points, the syndicate has successfully executed recent parallel campaigns, launching major data exfiltration claims against multinational firms, global retail supply lines, and prominent academic institutions simultaneously.
Containment, Remediation, and Public Guidance
Kodak has assured stakeholders that it is prioritizing containment and network remediation efforts to fully eliminate any lingering vulnerabilities. The company emphasized that it believes there is no active, ongoing threat to its production networks or commercial business operations.
Forensic teams are currently analyzing internal system logs and application endpoints to determine the exact entry pathway utilized by the hackers and to verify whether any critical customer records were successfully exfiltrated.
As the internal review continues alongside federal agencies, Kodak has not confirmed whether any customer notification protocols will be triggered or if regulatory breach reports have been formally filed with data protection watchdogs. Security specialists advise organizations to strengthen verification protocols around enterprise identities, enforce strict multifactor authentication (MFA) parameters, and closely monitor unusual automated file download bursts to neutralize identity-centric data threats.
