Eastman Kodak Company confirmed it is investigating a data breach after the ShinyHunters extortion group claimed responsibility and threatened to publish stolen data unless the company responded by June 18, 2026, according to Malwarebytes, BleepingComputer, and SecurityWeek.
Kodak told reporters the incident involved a limited amount of company data, was contained, and did not pose a threat to its systems or operations. The company engaged external cybersecurity experts and notified law enforcement.
What ShinyHunters Claimed
The group posted on its leak site that it stole more than 2.2 million records containing customer PII and internal corporate data, warning:
“This is a final warning to reach out by 18 June 2026 before we leak along with several annoying (digital) problems that’ll come your way.”
As with other recent ShinyHunters campaigns, attackers did not publicly provide proof files at the time of the threat — a common extortion tactic to apply pressure before full facts are known.

Investigation Still Underway
It is not yet clear how attackers gained access. ShinyHunters is known for social engineering, insider bribery, and supply-chain exploitation — not solely traditional ransomware encryption.
Kodak’s investigation continues to determine who was affected and exactly what information was accessed.

Independent Cybersecurity Audit
An EmailMeNow Cybersecurity Audit of kodak.com on June 19, 2026 scored the company’s primary domain at 70% (Good) — adequate for basic email authentication on paper, but not evidence that customer PII was protected everywhere attackers may have moved laterally.
| Domain | Overall | Risk Level |
|---|---|---|
| Eastman Kodak (kodak.com) | 70% | Good |
ShinyHunters frequently combines social engineering, insider coercion, and supply-chain access — paths that bypass a solid public website score. Customers should still rotate passwords and watch for phishing regardless of the headline percentage.
Audit link: kodak.com audit
What Customers and Businesses Should Do
Malwarebytes and security researchers recommend practical steps while Kodak completes its analysis:
- Change Kodak account passwords and avoid reusing them elsewhere.
- Enable multi-factor authentication (MFA) on every account that supports it.
- Consider a credit freeze with Equifax, Experian, and TransUnion if PII may be involved.
- Watch for phishing emails referencing the Kodak breach — criminals exploit breach confusion with fake “support” messages.
- Monitor Kodak’s official website for customer notifications rather than trusting unsolicited links.

Broader Pattern: Steal-and-Leak Extortion
Kodak joins a growing June 2026 list of ShinyHunters victims alongside Madison Square Garden and alleged targets such as One Medical.
For Texas businesses — including retailers, manufacturers, and professional services firms — the lesson is consistent: extortion deadlines are marketing events. Assume data may leak even when a company describes the scope as “limited.”
Review public breach monitoring resources and ransomware tracker guidance to watch leak sites before regulatory filings appear.
Related trackers
- Hospitality & retail tracker
- Texas OAG YTD dashboard
- Ransomware threat landscape
- Monitoring guide
- All state AG trackers
- CA June roundup
- TX June roundup
- Have I Been Pwned
Reduce exposure to extortion and phishing after public breaches.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for security awareness training and email authentication (SPF, DKIM, DMARC).
Source: Malwarebytes — Kodak confirms breach as ShinyHunters’ leak threat reaches deadline · EmailMeNow audit — kodak.com