Santa Clarita, California — A 25-year-old man has admitted to hacking into a Disney employee’s computer, compromising sensitive information and stealing over 1 terabyte of data. Ryan Mitchell Kramer pleaded guilty to two felony counts, including unauthorized computer access and threatening to damage a protected computer. Each count could carry a sentence of up to five years in federal prison.
The case, stemming from activities in early 2024, involves Kramer distributing a computer program disguised as an AI art generator. However, the software contained malware that enabled him to infiltrate users’ systems. Between April and May of that year, a Disney employee unknowingly downloaded the malicious program, giving Kramer access to both personal and professional accounts, which included a non-public Slack channel for Disney employees.
Following the hack, Kramer illegally downloaded approximately 1.1 terabytes of confidential data spanning thousands of Slack channels. He later contacted the victim while posing as a member of a fictitious Russian hacktivist group, threatening to leak sensitive information, including bank, medical, and personal details. On July 12, he carried out his threats by publicly releasing the stolen information across multiple online platforms.
The breach first came to light in a report from the Wall Street Journal on July 15, prompting Disney to launch an investigation into the incident. The FBI is also involved in looking into the breach, reflecting the seriousness of the cybercrime.
Leaked materials reportedly included discussions related to Disney’s corporate website, software development initiatives, evaluations of job candidates, leadership programs, and even personal images of employees’ pets dating back to 2019. This highlights the breadth of the information accessible through the hack, showcasing both professional and personal data.
A spokesperson for Disney expressed satisfaction with the resolution of the case, emphasizing the company’s commitment to collaborating with law enforcement to combat cybercriminals. “We are pleased that this individual has been charged and has agreed to plead guilty,” the spokesperson stated, reinforcing Disney’s proactive stance on data security.
In addition to the Disney incident, Kramer acknowledged involvement in hacking the computers of at least two other victims via his malware. He is scheduled to appear in U.S. District Court in downtown Los Angeles in the weeks ahead, marking a significant step in the legal proceedings surrounding this cybercrime case.