A man has pleaded guilty to hacking the computer of a former Disney employee, whose information was used to obtain and leak troves of data about the entertainment giant’s theme park and streaming businesses.
As part of a deal with federal prosecutors, Ryan Mitchell Kramer, a California resident, pleaded guilty on Thursday to two charges related to illegally breaking into a computer system to access information, which each carry a maximum sentence of five years in prison.
Last year, a collection of data that shed light about Disney’s operations — including sales of Genie+ theme park passes, pricing offers the company has modeled and Disney+ streaming revenue — was leaked online by hackers, reported The Wall Street Journal. It drew from more than 44 million messages from Disney’s Slack workplace and at least 18,800 spreadsheets and 13,000 PDFs, detailing sensitive financial and strategy information that isn’t typically disclosed to investors. The scope of the material taken was limited to channels that the hacked employee had access to.
The plea agreement said that the worker’s computer became compromised when he downloaded AI software with malware, which enabled Kramer to access an online account where the employee stored login credentials to personal and work accounts. Using that information, Kramer downloaded roughly 1.1 terabytes of confidential data from thousands of Disney Slack channels. He then contacted the worker, pretending to be a member of a fake Russia-based hacktivist group called “NullBulge,” and threatened to leak the information.
The data — which included the employee’s bank, medical and personal information, as well as the passport numbers of a group of Disney cruise line workers — was ultimately leaked.
“We are pleased that this individual has been charged and has agreed to plead guilty to federal charges,” a Disney spokesperson said in a statement. “We remain committed to working closely with law enforcement, as we did in this case, to ensure that cybercriminals are brought to justice.”
In his plea deal, Kramer admitted to gaining access to the computers of two others who downloaded his malware.
After he disclosed the hack to Disney’s cybersecurity team, the worker was fired, the Journal reported. The entertainment giant said that a forensic analysis of his work computer showed that he accessed pornographic material on the device.