A California man is facing serious federal charges after gaining unauthorized access to Disney’s internal communication systems and leaking more than a terabyte of sensitive company data.
According to newly filed court documents, 25-year-old Ryan Mitchell Kramer of Santa Clarita has agreed to plead guilty to two felony charges: illegally accessing a protected computer and threatening to damage one. The charges stem from a calculated hacking campaign in which Kramer embedded malware in a bogus AI art program and distributed it online.
A Trojan Horse Disguised as AI
Kramer’s strategy relied on exploiting the current fascination with AI tools. He uploaded what appeared to be a benign generative art program to GitHub and other platforms in early 2024. But under the hood, the software housed a malicious payload — one that allowed Kramer to remotely infiltrate the machines of users who downloaded it.
One of those users turned out to be an employee at The Walt Disney Company, granting Kramer access not only to personal files, but also to work-related credentials and communication platforms.
Slack Channels Breached, Data Dumped
With those credentials, Kramer reportedly accessed Disney’s Slack system — specifically internal channels used by company employees — and downloaded an estimated 1.1 terabytes of proprietary data. This activity took place across April and May of 2024, but things escalated even further two months later.
In July, Kramer attempted to extort the employee, contacting them via email and Discord while posing as a member of a fabricated “Russian hacktivist” group called NullBulge. When the employee didn’t respond, Kramer released the stolen Slack files along with personal and financial data tied to the victim.
A Wider Digital Trail
According to the Department of Justice, Kramer’s malware reached at least two other individuals, whose computers and account credentials were also compromised. It’s unclear whether any of their data was leaked as well.
Federal prosecutors say Kramer has admitted to all of these actions in a plea deal and could face up to 10 years in federal prison — five years for each charge. He is expected to appear in court in Los Angeles in the coming weeks.
What Was in the Disney Slack Data?
So far, neither Disney nor federal prosecutors have specified the exact nature of the data downloaded from Disney’s Slack channels, but with more than a terabyte leaked, the implications could be wide-ranging. Slack is often used for project management, internal memos, early product ideation, and confidential updates. If any unreleased film or park project details were part of the data set, this breach could have real consequences for both Disney’s business strategy and competitive security.
Cyber Threats Are Evolving
This case is a sobering reminder of how social engineering and AI trends can be leveraged for malicious purposes. Even a seemingly innocent download can compromise an entire organization when access credentials fall into the wrong hands. For companies like Disney — which sit at the intersection of creativity, IP protection, and global fandom — cybersecurity isn’t just important, it’s existential.
