Disney Hacked: Sensitive Data Leaked Including Revenue Figures

Walt Disney faced a significant cybersecurity breach in July when hackers, identified as a group called NullBulge, accessed over 1.1 terabytes of sensitive internal data. This breach included internal communications, financial figures, and details about unreleased projects. Among the leaked information were revenue figures from Disney's Genie+ theme park passes, which generated over $724 million in pretax revenue from October 2021 to June 2022, highlighting its importance as a revenue stream for the company. Additionally, the hackers obtained financial data from Disney+, revealing that the streaming service generated more than $2.4 billion in revenue in the quarter ending in March, accounting for 43% of the revenue from Disney's direct-to-consumer segment, which also includes Hulu and ESPN+. This information is particularly sensitive as Disney does not publicly disclose revenue figures for individual streaming services, leading to investor disappointment. The breach also exposed personal information of Disney cruise staff, including passport numbers and addresses, raising concerns about employee privacy and security. Furthermore, the hackers accessed internal Slack messages from approximately 10,000 channels, which contained discussions about job applicants, employee programs, and various projects dating back to 2019. In response to the breach, Disney declined to comment on the specifics of the leaked information, emphasizing the illegal nature of the hackers' activities. This incident underscores the growing threat of cybercrime against major corporations and the potential risks associated with inadequate data security measures.