A significant data breach at Walt Disney has exposed internal company information, including revenue figures for its Disney+ and ESPN+ streaming services, as well as details on its Genie+ theme park passes.
The breach, attributed to a cyber-criminal group known as NullBulge, has also revealed sensitive employee and guest information.
In July, NullBulge, which is believed to be a lone hacker based in the US, uploaded over 1.1 terabytes of data, including internal Slack messages and financial documents. The data includes insights into Disney’s Genie+ system, which allows visitors at Disney World and Disneyland to bypass regular lines for popular attractions. According to the leaked documents, Genie+ generated more than $724 million in pretax revenue from October 2021 to June 2024 at Walt Disney World alone.
The breach also disclosed specific revenue figures for Disney+, showing that the streaming service earned over $2.4 billion in the first quarter of the year, accounting for 43% of the revenue from Disney’s direct-to-consumer business. Disney typically consolidates its streaming services, including Hulu and ESPN+, into a single revenue category, keeping individual performance metrics confidential.
Additional leaked data includes internal spreadsheets and Slack messages containing personal information about Disney cruise staff, such as passport numbers, visa details, and physical addresses. The hack also exposed discussions about Disney’s public disputes with Florida Governor Ron DeSantis over controversial legislation.
Disney has declined to comment on the specifics of the breach.
“We decline to comment on unverified information purportedly obtained as a result of a bad actor’s illegal activity,” stated a company spokesperson.
The breach has prompted Disney to investigate the incident, though the company has indicated that it has not had a material impact on operations or financial performance. NullBulge claimed responsibility for the hack, asserting they accessed the data through a compromised employee computer.
New York Post, Investopedia, and FOX Business contributed to this report.
