Kodak confirms data breach as ShinyHunters extortion group claims over 2.2 million records stolen

At a glance:

  • Kodak confirmed a security breach after unauthorized access to limited company data.
  • The ShinyHunters extortion group claimed responsibility, alleging theft of 2.2 million customer records.
  • Threat actors set a June 18, 2026 deadline for Kodak to respond before leaking exfiltrated data.

What happened

Kodak has confirmed that it is working with external cybersecurity experts to investigate a security breach following unauthorized access to some of its data. In a statement to BleepingComputer, a company spokesperson acknowledged that attackers accessed a "limited amount" of data but did not specify whether internal networks were compromised. The firm emphasized that it is collaborating with law enforcement and maintains that there is no threat to its systems or operations. Kodak has not yet disclosed the method of entry or the full scope of the breach, though it pledged to provide updates as the investigation progresses.

The breach came to light after the ShinyHunters extortion gang publicly claimed responsibility on its dark web leak site. According to the group, over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data were stolen. ShinyHunters issued a "final warning" to Kodak, demanding that the company make contact before June 18, 2026, and threatening otherwise to leak the data and cause unspecified digital disruptions. While Kodak has not officially attributed the attack to the group, the claim raises concerns about potential exposure of sensitive customer and business information.

ShinyHunters' track record

ShinyHunters has emerged as a prolific extortion group, previously targeting hundreds of Salesforce customers in campaigns exploiting vulnerabilities in Salesforce Aura and Salesloft Drift platforms. The gang claims to have stolen over 1.5 billion records across these incidents, though verification remains challenging. Additionally, the group has been linked to breaches at more than a dozen Snowflake customers and various third-party integration providers, suggesting a pattern of targeting enterprise software ecosystems.

Just one week prior to the Kodak incident, ShinyHunters claimed responsibility for breaches at over 100 organizations, including the University of Nottingham. These attacks leveraged a zero-day vulnerability in Oracle's PeopleSoft enterprise business software suite, highlighting the group's focus on exploiting critical infrastructure gaps. The PeopleSoft flaw allowed unauthorized access to databases, underscoring the risks of unpatched enterprise systems in supply chain attacks.

Implications and next steps

Kodak's breach underscores ongoing risks in enterprise cybersecurity, particularly for legacy companies managing vast intellectual property and customer data repositories. The firm's 79,000 global patents and operations in commercial print, advanced materials, and chemicals suggest potential exposure of proprietary research or client contracts. However, Kodak's assertion that systems remain secure indicates the breach may have been contained to specific data repositories rather than core infrastructure.

The incident also reflects broader trends in cybercrime, where extortion groups increasingly target third-party integrations and enterprise software to amplify their reach. Organizations relying on platforms like Salesforce, Snowflake, or Oracle PeopleSoft face heightened risks if vendors fail to patch vulnerabilities promptly. For Kodak, the next steps involve forensic analysis, potential regulatory disclosures under data protection laws, and mitigation strategies to prevent future incidents. The June 2026 deadline set by ShinyHunters adds urgency, though experts caution that paying extortion demands rarely guarantees data safety.

Industry context

The breach arrives amid rising scrutiny of enterprise software security, with recent attacks on platforms like Microsoft Exchange and SolarWinds demonstrating cascading risks across supply chains. Kodak's case highlights the need for proactive threat modeling and breach simulation tools, as noted in recent cybersecurity whitepapers emphasizing pre-emptive defense strategies. While the company's immediate response appears measured, stakeholders will monitor whether the breach impacts its commercial operations or customer trust in its data handling practices.

ShinyHunters' tactics align with a growing trend of "double extortion," where attackers both steal data and threaten operational disruption. Their focus on Oracle PeopleSoft and Salesforce ecosystems suggests targeting sectors with high-value intellectual property or customer databases. The group's public leak sites and deadlines mirror tactics used by other ransomware outfits, though their specific motivations and technical capabilities remain under analysis by threat intelligence firms.

Editorial SiliconFeed is an automated feed: facts are checked against sources; copy is normalized and lightly edited for readers.

FAQ

What did Kodak confirm about the breach?

Kodak confirmed that an unauthorized third party temporarily accessed a limited amount of company data. The firm is working with external cybersecurity experts and law enforcement to assess the breach's scope and impact. No immediate threat to systems or operations has been identified, though the investigation is ongoing.

What data did ShinyHunters claim to steal from Kodak?

The ShinyHunters extortion group claimed to have stolen over 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. They set a deadline of June 18, 2026, for Kodak to respond before leaking the exfiltrated data. The group also threatened to introduce unspecified digital disruptions if their demands were not met.

What other attacks has ShinyHunters been linked to?

ShinyHunters has previously targeted hundreds of Salesforce customers, claiming over 1.5 billion records stolen via vulnerabilities in Salesforce Aura and Salesloft Drift. The group is also linked to breaches at more than a dozen Snowflake customers and third-party integration providers. Recently, they claimed attacks on over 100 organizations, including the University of Nottingham, exploiting a zero-day flaw in Oracle's PeopleSoft software.

Prepared by the editorial stack from public data and external sources.