Eastman Kodak — ShinyHunters extortion claim, US imaging manufacturer

On 15 June 2026 the ShinyHunters extortion crew added Eastman Kodak to its dark-web leak portal, claiming to have stolen more than 2.2 million records containing customer personal information and internal corporate data. An 18 June deadline was attached to the listing, threatening publication if the company did not engage.

Kodak acknowledged a security incident on 17 June, stating that an “unauthorised third party” had briefly accessed a limited amount of company data. The company said it had engaged external cybersecurity experts and notified law enforcement, that its operations remained unaffected, and — notably — it did not confirm the 2.2 million record count claimed by the attackers. The intrusion vector has not been described publicly.

The gap between the extortion claim and the victim statement is the open question. ShinyHunters’ leak-site numbers function as negotiating leverage rather than audited figures, and a company’s early “limited amount” language typically precedes a full file review. The credible scope, if the data is genuine, tends to emerge later through a US state attorney-general breach notification rather than the initial listing.

Kodak joins a long run of 2026 ShinyHunters targets including Pitney Bowes, Carnival, Charter, 7-Eleven, Medtronic, Cushman & Wakefield, Vimeo and Instructure. Across that campaign the cluster has repeatedly leaned on phishing-compromised employee accounts pivoting into Salesforce or other SaaS data stores rather than direct network intrusion; whether Kodak fits that pattern is not yet established.

A deep-dive will follow once the data taxonomy, any regulator filing and independent reporting on the intrusion route become publicly documented.