Technology

Disney data breach: Disneyland, Disney Cruise guests and employees personal info leaked

Disneyland in California

Over the summer, Disney’s internal communications channels suffered a data breach. We now know that as a result of this breach, guests and employees were affected, with personal information being stolen by hackers.

Earlier this summer, a hacker group called “NullBulge” gained access to over 1TB of sensitive data from Disney after infiltrating the company’s internal Slack channels. Now, a new report by the Wall Street Journal, which viewed the leaked files, has uncovered more about exactly what was in the stolen files.

The leak consists of more than 44 million messages found in Disney’s Slack workplace channels. This also includes around 18,800 spreadsheet files and 13,000 PDFs. The data leaked by the hackers was limited to files Disney employees posted in a Disney Slack channel, with both private and public channels affected. Private direct messages between Disney employees in Slack are also not found in the leak.

While some of Disney’s internal company information and financials were part of the trove of stolen data, the most concerning details involve the private data belonging to Disney’s theme park and Disney Cruise Line customers and employees.

Disney crew and guests doxxed

The Disney data leaked by hackers includes private information for Disney Cruise Line staff and guests, as well as theme park attendees.

Physical addresses, birthdates, passport numbers, visa information, and even current assignments belonging to Disney Cruise Line crew members were found amongst the data stolen by hackers.

Another file contained names, addresses, and phone numbers tied to passengers on the Disney Cruise Line.

Information on guests at Disneyland was also discovered in the leaked data. It appears a “cluster” of Disneyland guests who had dining reservations at the park had their names and contact information revealed.

It’s unclear exactly how many Disneyland and Disney Cruise Line guests and staff have been affected.

Internal Disney streaming, theme park financials

The leak includes new financial information for Disney’s streaming service, Disney+.

According to internal spreadsheets found in the leaked data, Disney+ made more than $ 2.4 billion in revenue in the second quarter of 2024. 

While Disney does publicly report its streaming financial information to investors, as the Wall Street Journal points out, Disney does not disclose exactly how much each of its individual streaming services – Disney+, Hulu and ESPN+ – contributes to that overall total. The leaked revenue data reveals that Disney+ contributes 43 percent of revenue for Disney’s direct-to-consumer entertainment business, according to the Wall Street Journal.

The leak also includes some very interesting financial details for Disney theme parks. Between October 2021 and June 2024, Disney’s add-on theme park service Genie+ brought in more than $ 724 million in revenue at Disney’s Orlando, Florida resort complex, Disney World. Genie+ was a paid service that allowed Disney World guests to skip to the front of the line for the theme park’s attractions. Disney replaced Genie+ in July with a similar paid add-on service called Lightning Lane.

Mashable has reached out to Disney for comment, and will update this post if we hear back.

Mashable