The Walt Disney Company was reportedly targeted by hackers who gained access to sensitive internal data, including revenue from its Disney+ and ESPN+ streaming services and admission tickets to its Genie theme park.
A cybercrime ring known as “NullBulge” uploaded more than 1.1 terabytes of data in July, including internal Slack messages in which employees complained about the company's battle with Florida Governor Ron DeSantis over the so-called “Don't Say Gay” bill.
Nurbulji, who authorities believe to be a single U.S.-based hacker, also released data including computer code and details of undisclosed projects. According to the Wall Street Journal:citing a blog post by the group.
NullBulge also obtained an internal spreadsheet detailing the revenue Disney generated from its Genie+ theme park passes in 2021.
Genie+ is a paid service that allows visitors to Disney World and Disneyland to purchase access to “Lightning Lane,” which allows them to skip the regular lines at major attractions.
The service, whose cost varies depending on the level of demand, has become an important source of revenue for the company.
According to documents included in the hack, the Genie+ pass generated more than $724 million in pre-tax revenue for Walt Disney World between October 2021 and June of this year.
Disney made changes to the Genie+ system earlier this year after guests complained that it was confusing and tedious.
The leaked documents also included an internal spreadsheet about the company's TV streaming service, Disney+.
According to the filing, Disney+ generated more than $2.4 billion in revenue in the quarter ended in March, representing 43% of the revenue generated by the company's direct-to-consumer businesses, which also include Hulu and ESPN+.
Disney hasn't released how much revenue each of its streaming services generates, disappointing investors eager for that data.
According to a report from the Wall Street Journal, the Slack channels that the hackers infiltrated also contained personal information about Disney cruise ship crew members, including passport numbers, visa details, places of birth and addresses.
The hackers also obtained up to 10,000 Slack messages from various channels dating back to 2019, containing conversations about job seekers, upcoming projects, employee programs, website development, advertising campaigns and more.
“We do not comment on unconfirmed information that The Wall Street Journal has obtained as a result of illegal activity by bad actors,” a Disney spokesman told the paper.
