Overview

• Ryan Mitchell Kramer, 25, pleaded guilty to two federal felony charges: unauthorized computer access and threatening to damage a protected computer, each carrying a maximum sentence of five years.
• Kramer used a malicious program disguised as an AI art tool to infiltrate a Disney employee's computer in early 2024, gaining access to personal and corporate accounts, including Disney's internal Slack channels.
• He downloaded approximately 1.1 terabytes of confidential Disney data between April and May 2024, including sensitive corporate communications and personal employee information.
• In July 2024, Kramer posed as a member of a fake Russian hacktivist group, 'NullBulge,' to extort the victim before publicly releasing the stolen data online, including personal financial and medical records.
• The FBI continues to investigate the case, and Disney is reviewing its security protocols following the breach, which highlights vulnerabilities in corporate endpoint security.