More than a decade after reinventing itself as a business-to-business technology company, Kodak has found itself dealing with a modern cybersecurity challenge: a public extortion claim from the notorious ShinyHunters threat group.
The company confirmed that an unauthorized third party gained temporary access to a limited amount of corporate data and stated that it immediately engaged external cybersecurity experts to investigate the incident. Kodak also said it is working with law enforcement and currently believes there is no ongoing threat to its systems or business operations.
The disclosure came after ShinyHunters added Kodak to its leak site, claiming to have stolen more than 2.2 million records containing customer information and internal corporate data. The group threatened to publish the allegedly stolen information if the company failed to make contact before a stated deadline. At the time of disclosure, the attackers had not publicly provided conclusive evidence supporting the full scale of their claims.
A significant gap remains between Kodak’s description of the incident and the attackers’ allegations. Kodak characterized the event as temporary access to a limited amount of data, while ShinyHunters claims to possess millions of records. Determining which assessment is accurate will require a detailed forensic investigation, a process that can take weeks or even months depending on the complexity of the intrusion.
The incident follows a pattern increasingly seen across the cyber extortion landscape. Threat actors first publish a victim’s name on a leak portal, announce a deadline for negotiations, and threaten public disclosure if demands are not met. The objective is often to create reputational pressure before technical investigations are complete. Organizations are then forced to respond not only to the security incident itself but also to public speculation surrounding the scope of the breach.
ShinyHunters has become one of the most active data-extortion groups in recent years, repeatedly targeting large enterprises, educational institutions, cloud environments, and SaaS platforms. The group has been linked to numerous high-profile breaches and frequently focuses on stealing data rather than encrypting systems, using the threat of publication as leverage during negotiations.
For Kodak customers and business partners, the most important unanswered question is what information, if any, was actually accessed. Until the investigation concludes, organizations connected to Kodak should remain alert for phishing attempts or social engineering campaigns that may attempt to exploit concerns surrounding the breach. Individuals should be cautious of unsolicited communications claiming to reference Kodak accounts, transactions, or support requests.
While Kodak has stated that operations remain unaffected, the incident serves as another reminder that even established global brands remain attractive targets for cybercriminal groups seeking valuable data and public attention. The coming weeks will likely determine whether this was a limited exposure event or a much larger compromise than currently acknowledged.