Iconic imaging and technology company Kodak has confirmed a data breach following claims by the notorious ShinyHunters hacking group that it successfully exfiltrated over 2.2 million customer records containing personally identifiable information (PII) and sensitive internal corporate data. The breach represents the latest high-profile victim of ShinyHunters, one of the most prolific data theft groups operating today.
ShinyHunters’ Claims and the “Final Warning”
ShinyHunters announced the Kodak breach via underground forums, claiming to possess a database containing over 2.2 million records of customer PII along with internal corporate documents. In a move consistent with their extortion playbook, the group issued a “final warning” demanding that Kodak make contact by June 18, 2026 — threatening to release the stolen data publicly if their demands were not met.
Kodak subsequently acknowledged that unauthorized access to “a limited amount of company data” had occurred, stopping short of confirming the full scale of the breach claimed by ShinyHunters. This carefully worded confirmation nonetheless validates that a security incident took place, and affected individuals should take precautionary action regardless of the precise scope.
Who Is ShinyHunters?
ShinyHunters is one of the most active and destructive data theft groups in operation, with a track record of targeting major enterprises. The group has been linked to breaches at Ticketmaster (560 million records), Santander Bank, AT&T, Advance Auto Parts, and dozens of other organizations. Their modus operandi typically involves exploiting cloud misconfigurations, stolen credentials, or supply chain vulnerabilities to access databases, then either selling the data on dark web markets or extorting victims directly.
The group’s naming convention — issuing “final warnings” with countdown deadlines — is a well-documented pressure tactic designed to force victims into paying ransoms before stolen data is weaponized further through public dumps or targeted phishing campaigns against affected customers.
What Data Was Exposed?
While Kodak has not publicly disclosed the specific categories of data accessed, ShinyHunters’ claims indicate the stolen dataset includes:
- Customer personally identifiable information (names, addresses, email addresses, phone numbers)
- Internal corporate records and documentation
- Potentially financial data or account credentials, consistent with ShinyHunters’ previous breach profiles
Kodak is a well-known brand with a broad consumer and enterprise customer base spanning photography enthusiasts, healthcare imaging, and printing industry clients — meaning the potential scope of impacted individuals is significant.
Implications for Affected Customers
Data breaches involving PII create lasting risks well beyond the immediate incident. Stolen customer records are frequently used in:
- Targeted phishing campaigns — attackers use real customer data to craft convincing impersonation emails
- Credential stuffing attacks — if passwords were exposed, they will be tested against other platforms
- Identity theft — names, addresses, and account details combined can enable fraudulent account creation
- Social engineering — attackers use legitimate-looking data to manipulate victims or customer service representatives
What Kodak Customers Should Do Now
Individuals who have an account with Kodak or have purchased services or products from the company in recent years should take the following steps immediately:
- Change your Kodak account password and any other accounts where you reuse the same password
- Enable multi-factor authentication on your Kodak account and other important accounts
- Monitor for suspicious emails claiming to be from Kodak or related services — phishing campaigns targeting breach victims typically follow within days
- Check for identity theft signs by reviewing your credit reports and financial statements for unusual activity
- Be wary of unsolicited phone calls referencing your Kodak account, as social engineering attacks frequently follow data breaches
A Pattern of Escalating Attacks on Established Brands
The Kodak breach fits a broader pattern of ShinyHunters and similar groups targeting legacy enterprises with recognizable brand names and large customer bases. These organizations often present attractive targets due to a combination of extensive historical customer databases, complex IT environments carrying technical debt, and high public visibility that makes ransom payments more likely. As ShinyHunters continues to operate with apparent impunity, enterprises of all sizes must prioritize both preventive controls and rapid incident detection capabilities.
Source: Cyber Security News — June 17-18, 2026