A California man has agreed to plead guilty to federal charges after hacking into a Disney employee’s computer and stealing a massive trove of confidential corporate data, federal prosecutors announced yesterday.
According to the U.S. Department of Justice, Ryan Mitchell Kramer, 25, of Santa Clarita, will plead guilty to one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison.
According to court documents, in early 2024, Kramer posted what appeared to be AI art generation software on several online platforms, including GitHub. However, the program contained malicious code designed to give Kramer unauthorized access to victims’ computers.
Between April and May 2024, a Disney employee downloaded the program, unwittingly allowing Kramer to access the victim’s personal computer. Once inside, Kramer obtained login credentials stored in the employee’s password manager, which he then used to infiltrate Disney’s internal Slack messaging platform.
“By accessing the victim’s Disney Slack account, the defendant gained access to non-public Disney Slack channels, and in or around May 2024, the defendant downloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels,” states the plea agreement reviewed by authorities.
Disney Hacker Pleads Guilty
In July 2024, Kramer contacted the victim via email and Discord, posing as a member of a fictitious Russian hacktivist group called “NullBulge.” He threatened to release the stolen data unless the victim cooperated.
After receiving no response, Kramer released the stolen information on July 12, 2024, exposing Disney’s confidential communications and the employee’s personal information, including banking and medical details.
The data breach reportedly contained millions of internal messages, including sensitive information about Disney’s theme park operations, streaming revenues, and strategic planning documents not typically shared with investors.
“We are pleased that the individual has been charged and agreed to plead guilty to federal charges,” a Disney spokesperson said in a statement. “We remain dedicated to collaborating with law enforcement, as we did in this case, to ensure that cybercriminals are held accountable”.
In this plea agreement, Kramer also admitted that at least two other victims downloaded his malicious software, giving him unauthorized access to their computers and accounts. The FBI is continuing to investigate these additional breaches.
Kramer is expected to appear in the United States District Court in downtown Los Angeles in the coming weeks. Assistant United States Attorneys Lauren Restrepo and Maxwell Coll of the Cyber and Intellectual Property Crimes Section are prosecuting the case.
Following the breach, Disney reportedly shut down its internal Slack system as part of its response to the security incident.
Get your 14-day ANY.RUN trial today and protect what matters most.
%20Tools.webp?w=100&resize=100,70&ssl=1 "Top 10 Best Privileged Access Management (PAM) Tools in 2025")