California Man Pleads Guilty to Massive Disney Data Breach and Extortion Attempt

Silviu STAHIE

May 05, 2025

A 25-year-old California man has pleaded guilty to federal charges after he was accused of building a sophisticated malware tool that ended up affecting The Walt Disney Company. The attack resulted in the theft of 1.1 terabytes of confidential data, and was followed up by extortion.

The breach

In 2024, Ryan Mitchell Kramer from California allegedly developed malware disguised as an art tool that uses AI. He uploaded the software to a number of platforms, such as GitHub, and waited to see if people downloaded it. The malware Kramer is accused of building allowed unauthorized access to the victims' computers.

A Disney employee fell for the ruse and downloaded the software, which gave the attacker access to the victim’s personal computer, including stored login credentials for both personal and work-related accounts.

With the stolen credentials, Kramer infiltrated Disney's internal Slack communication channels and managed to gain access to thousands of private channels. He proceeded to download approximately 1.1 terabytes of confidential data, including employee details, customer information, internal business discussions, and strategic planning documents.

The extortion

In July 2024, Kramer contacted the victim working at Disney via email and Discord. Posing as a member of a fictitious Russian hacktivist group named "NullBulge," he threatened to release the stolen data. He got no response, so he published the stolen information on July 12, 2024. The leaked information contained 44 million Slack messages, employee passport data, customer contact information, and financial details related to Disney's operations.

In May 2025, Kramer pleaded guilty to two felony charges: unauthorized access to a computer and threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison.

"We are pleased that this individual has been charged and has agreed to plead guilty to federal charges. We remain committed to working closely with law enforcement, as we did in this case, to ensure that cybercriminals are brought to justice," said a Disney spokesperson.

Author


Silviu STAHIE

Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.
