A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking into the personal computer of a Walt Disney Company employee and stealing a massive amount of sensitive internal data last year.
Ryan Mitchell Kramer faces charges related to unauthorized computer access and threats to damage a protected computer, marking a significant cybersecurity breach involving one of the world’s largest entertainment conglomerates.
Details of the Hacking Incident
According to federal prosecutors, Kramer orchestrated the attack by posting a seemingly harmless computer program online in early 2024.
.png
)
Marketed as a tool for creating AI-generated art and shared on platforms like GitHub, the program contained a malicious file designed to infiltrate victims’ computers.
When the victim, a Disney employee, downloaded the program in April or May 2024, Kramer gained control over the employee’s personal computer and accessed stored login credentials, including those used for work accounts.
Leveraging the stolen credentials, Kramer infiltrated Disney’s internal Slack communication channels, which are typically used by employees for collaborative work and confidential discussions.
In total, Kramer illegally downloaded approximately 1.1 terabytes of confidential data from thousands of private Disney Slack channels during May 2024.
In July 2024, Kramer escalated the situation by impersonating a member of a fictitious Russia-based hacktivist group called “NullBulge.”
He reached out to the victim via email and the messaging platform Discord, threatening to leak both the victim’s data and Disney’s internal information if his demands were not met.
When the victim did not respond to these threats, Kramer followed through on his promise and publicly released the stolen Disney Slack files along with the victim’s personal details-including bank and medical information-across multiple online platforms on July 12, 2024.
Kramer’s plea agreement also revealed that he had at least two other victims who were similarly compromised after downloading his malicious file.
The unauthorized access to their computers and accounts underscores the broader scope of this cyberattack beyond just Disney.
The case is being prosecuted by Assistant United States Attorneys Lauren Restrepo and Maxwell Coll, specialists in cyber and intellectual property crimes.
Kramer faces two felony charges, each carrying a maximum federal prison sentence of five years. He is expected to make his initial court appearance soon in the United States District Court in downtown Los Angeles.
The Federal Bureau of Investigation (FBI) continues investigating this case as part of its broader efforts to combat cybercrime targeting major corporations.
This incident highlights the increasing risks of sophisticated cyberattacks and the importance of robust security measures to protect sensitive corporate data.
This case serves as a stark reminder of the critical vulnerabilities posed by social engineering and malware in today’s digital landscape, especially within high-profile companies like Disney.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
