A cyber criminal just broke into the House of Mouse—and it wasn’t via some secret tunnel under Disneyland. It was through Slack.
A Santa Clarita man is now at the center of a federal investigation after hacking into a Disney employee’s personal computer and stealing a massive amount of internal Disney data. This isn’t your average data breach. We’re talking over 1.1 terabytes of internal Slack communications, obtained through deception, malware, and outright threats.
What Happened?
According to federal prosecutors, 25-year-old Ryan Mitchell Kramer is preparing to plead guilty to two felony charges: one count of accessing a protected computer without authorization and another for threatening to damage one. Both carry a potential five-year prison sentence.
This wasn’t a spur-of-the-moment mistake—it was a premeditated hack with serious consequences.
The Bait
Early in 2024, Kramer uploaded a program online disguised as an AI art generator. The catch? It was rigged with malware that secretly allowed him to access the computers of anyone who downloaded it.
One of those victims happened to be a Disney employee. That single mistake gave Kramer access to the victim’s saved logins and passwords—including credentials for the victim’s work accounts. From there, Kramer accessed Disney’s private Slack communications platform.
That’s when things escalated.
The Heist
Kramer didn’t just poke around. He downloaded approximately 1.1 terabytes of private Slack data, combing through thousands of Disney’s internal channels. The data theft occurred in April and May 2024, but the fallout was just beginning.
Then came the threats.
Playing Hacker
In July, Kramer contacted the Disney employee via email and Discord, pretending to be part of a fake Russia-based “hacktivist” group called NullBulge. He threatened to leak both the Disney data and the employee’s private medical, financial, and personal information if demands weren’t met.
When he didn’t get a response, he made good on the threat. He released the Slack files and the employee’s personal data across multiple platforms, exposing sensitive information for anyone to see.
More Victims, More Damage
Court records say this wasn’t a one-off incident. At least two other individuals downloaded Kramer’s malicious software, potentially opening the door to more compromised data.
Kramer’s first court appearance is expected in the coming weeks at the United States District Court in Los Angeles. Meanwhile, the FBI continues to investigate the full extent of the breach.
For Disney, the hack is more than a PR issue—it’s a wake-up call. Even the biggest media empire in the world isn’t immune to modern cyber threats.
