Kodak Confirms Data Breach After ShinyHunters Claims Theft of 2.2 M Customer Records
What Happened — Kodak disclosed that an unauthorized third party gained temporary access to a limited set of company data. The ShinyHunters extortion gang later claimed to have exfiltrated over 2.2 million records containing customer PII and internal corporate information. Kodak is working with external investigators and law‑enforcement agencies to determine the scope and source of the breach.
Why It Matters for Compliance & Audit Readiness
- This incident exemplifies a failure of access‑control safeguards that SOC 2 – Security (CC6.1) and Confidentiality (CC6.2) require organizations to design, implement, and continuously monitor.
- Demonstrating a defensible audit trail (evidence of privileged‑access reviews, MFA enforcement, and incident‑response logging) is essential to prove compliance after an unauthorized access event.
- Continuous monitoring of access‑control logs and periodic validation of user‑rights mapping can surface anomalous activity before data is exfiltrated.
Who Is Affected – Companies handling large volumes of customer PII, especially in imaging, chemicals, and related technology sectors; downstream partners that integrate with Kodak’s platforms.
Recommended Actions
- Immediately review and tighten privileged‑access policies (MFA, least‑privilege, session monitoring).
- Collect and preserve logs from identity‑access management (IAM) and data‑loss‑prevention (DLP) tools as audit evidence.
- Conduct a SOC 2 control gap analysis focused on CC6.1/CC6.2 and remediate any deficiencies.
- Notify affected individuals per GDPR/CCPA obligations and update breach‑response playbooks.
Technical Notes – The breach vector has not been disclosed; investigators suspect either credential compromise or a mis‑configured service. Data reportedly includes names, email addresses, and other PII. Source: BleepingComputer