Ryan Kramer Mitchell, 25, of Santa Clarita, has agreed to plead guilty to hacking into the personal device of a Walt Disney Company employee in 2024. The hack allowed Kramer to access login credentials, enabling him to illegally download confidential data through the employee’s Slack account.
Kramer faces two charges: one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer, both carrying a potential prison sentence of up to five years. The case follows the discovery of a massive data breach that compromised sensitive Disney data.
Data Leak and Extortion Scheme
In 2024, a hacker group called NullBulge claimed responsibility for stealing 1.1TB of data from Disney’s internal Slack channels. The stolen files reportedly included source code, unreleased project details, and employee login credentials. This prompted Disney to initiate an investigation into the breach.
NullBulge, which claimed to be a Russian hacktivist group, presented itself as an advocate for artists’ rights. However, security experts at SentinelOne found that the group’s actions contradicted its stated motives.
Kramer’s Malicious Actions
Kramer distributed malicious software disguised as a tool for creating AI-generated art. When a Disney employee downloaded the fake tool, it allowed Kramer to gain access to the victim’s device, and eventually, Disney’s sensitive corporate data. When the employee did not respond, Kramer attempted to extort them by leaking both personal information and stolen Disney files.
Following the discovery of the data breach, Disney stopped using Slack for internal communication and fired the employee involved in downloading the malicious file. The fired employee has since filed a wrongful termination complaint against Disney.
As part of his plea agreement, Kramer admitted to at least two additional victims who also downloaded the malicious file. However, the identities of these victims remain undisclosed. The FBI continues to investigate the case.
