Under the cover of hacktivist, a man confesses to hacking Disney and leaking data.

A 25-year-old man from California, Ryan Mitchell Kramer, has confessed to hacking into Disney’s computer systems and leaking data under the false front of a hacktivist group, as reported by the U.S. Justice Department

  Cyber Crime   May 6, 2025  Add to Reading List
Under the cover of hacktivist, a man confesses to hacking Disney and leaking data.

A 25-year-old man from California, Ryan Mitchell Kramer, has confessed to hacking into Disney’s computer systems and leaking data under the false front of a hacktivist group, as reported by the U.S. Justice Department.

The Department of Justice shared that Kramer admitted to unauthorized computer access for obtaining information and threatening to damage protected computers. He now faces two serious charges, each potentially resulting in a five-year prison sentence.

This incident involves the 2024 Disney hack orchestrated by Kramer. Disney launched an investigation in July 2024 after a group named NullBulge claimed credit for stealing 1.1 terabytes of data from Disney’s internal Slack channels. This data included private messages, information about unfinished projects, login details, and source codes.

NullBulge claimed their actions were to protect artists' rights and ensure they receive fair compensation. However, the security firm SentinelOne highlighted a discrepancy between NullBulge’s stated mission and its actions. They targeted AI and gaming companies using ransomware and malware planted through fake code on platforms like GitHub and Hugging Face.

Kramer disguised his malware as a tool for creating AI-generated art. In reality, this software installed malware, allowing him to control the victim’s device.

In Disney’s case, an employee downloaded this fake AI tool onto their personal computer, which enabled Kramer to access the Slack account used by the employee at Disney. This access allowed Kramer to steal significant amounts of information from numerous Slack channels owned by Disney.

According to the Department of Justice, Kramer pretended to represent the NullBulge group, allegedly based in Russia, and attempted to extort the Disney employee. After the employee did not respond, Kramer leaked the employee's personal information alongside the stolen Disney files.

As a result of the data breach, Disney reportedly ceased using Slack for internal communications. The employee responsible for downloading the malware and inadvertently granting Kramer access was fired for misconduct and later filed a wrongful termination complaint.

Officials stated that Kramer also admitted to hacking the computers and accounts of at least two more victims, whose names remain undisclosed.

Separately, another incident involved a former Disney World worker who was sentenced to three years in prison for hacking into the company’s servers, causing disruptions, and manipulating menus.