Disney was hacked after an employee unknowingly exposed the company’s internal systems by downloading an AI tool. The resulting data breach leaked private information belonging to Disney employees and customers, prompting a response from the company’s cybersecurity team.
Disney Systems Compromised Through AI Tool
In February 2024, Disney employee Matthew Van Andel downloaded an AI-powered image-generation tool from GitHub. While the software functioned as expected, it also carried hidden malware that gave a hacktivist group—known as “NullBulge”—access to Van Andel’s computer and, ultimately, Disney’s internal networks.
Through this breach, the hackers infiltrated Van Andel’s 1Password account, where sensitive login credentials were stored. This allowed unauthorized access to Disney’s internal Slack channels and private data, including employee and customer records.

According to cybersecurity researchers, “NullBulge” is likely an individual based in the United States. The breach went undetected for months, until July, when the hacker sent Van Andel a direct message stating, “I have gained access to certain sensitive information related to your personal and professional life.”
Disney Data Leaked, Company Scrambles to Respond
The next day, Disney’s internal Slack communications were leaked online, exposing confidential customer details and employee passport numbers. The company’s cybersecurity team took immediate action, but the damage had already been done.

As Van Andel worked with Disney’s security team, the hacker sent him another message: “Respond, do what we want, or end up on the net.” By the following morning, all login information stored in Van Andel’s 1Password account was publicly posted online, further deepening the breach.
Hacker Group Alleges Insider Connection
According to NullBulge’s website, the group presents itself as a “hacktivist” collective advocating for artists’ rights and opposing artificial intelligence-generated artwork and cryptocurrency-related products. However, in a blog post, the group made a shocking claim about how the breach ended, suggesting that Van Andel had initially aided their access.
“We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” the post read, before adding, “I thought we had something special, Matthew J Van Andel.”
The statement has sparked speculation about whether Van Andel had any involvement in the breach or if NullBulge is merely attempting to shift blame onto the Disney employee who first detected the intrusion. Van Andel has strongly denied any connection to the hacker group and maintains that he was an unwilling victim.
Despite the claim, no public evidence has surfaced linking Van Andel to the breach beyond the hacker’s accusation, leaving Disney with yet another controversy surrounding the security failure.
Company Fallout and Employee’s Termination
The breach resulted in widespread exposure of private information, but instead of supporting the employee caught in the middle of the attack, Disney fired Van Andel. The company claimed an internal investigation found inappropriate material on his work computer, an allegation he vehemently denied.

“I’m the one who got hacked,” Van Andel said, maintaining that the breach allowed outsiders to plant incriminating material on his system. Despite his appeals, he was unable to overturn Disney’s decision, losing his health insurance and approximately $200,000 in bonuses.
Legal Action and Ongoing Security Risks
In an effort to rebuild his life, Van Andel has taken on contract work while his sister launched a GoFundMe campaign for support. His attorney has also sent a demand letter to Disney, seeking an eight-figure settlement for lost wages and emotional distress.

Meanwhile, even after changing his passwords, Van Andel continues to see attempts to access his accounts—further proof of the lasting consequences of Disney’s security lapse.
This breach raises major concerns about cybersecurity vulnerabilities within large corporations and how companies respond when internal security failures lead to widespread data leaks.


