The Walt Disney Company, the entertainment giant known for its iconic theme parks, beloved characters, and blockbuster movies, now finds itself embroiled in a significant legal battle. A class action lawsuit, filed by plaintiff Scott Margel in Los Angeles County Superior Court, accuses Disney of negligence, breach of implied contract, and other misconduct in connection with a massive data breach that occurred earlier this year. This information has been first reported by the L.A. Times.
Thousands of Disney Employees and Customers Affected
The class members, estimated to number in the thousands, are individuals who entrusted Disney with their sensitive personal information as part of their employment with the company. This information, which may include passport numbers, visa details, birthplaces, and physical addresses, was allegedly compromised in the breach, leaving the affected individuals vulnerable to potential identity theft and other nefarious activities.
Hacking Group NullBulge Claims Responsibility for Data Leak
The lawsuit cites a Wall Street Journal article that reported on the actions of a hacking group known as NullBulge. In September, the group allegedly released a staggering amount of data, including over 18,800 spreadsheets, 13,000 PDFs, and 44 million internal messages sent via the workplace communication platform Slack.
The compromised Slack messages reportedly contained sensitive information belonging to Disney cruise employees, while at least one spreadsheet listed the names, addresses, and phone numbers of some Disney Cruise Line passengers. The Wall Street Journal later reported that Disney planned to discontinue its use of Slack following the breach.
Plaintiff Alleges Lack of Transparency and Security Measures
The complaint asserts that the plaintiff and class members remain in the dark about the specific data that was stolen, the malware used in the attack, and the steps being taken to secure their personal information going forward. This lack of transparency has left the affected individuals to speculate about the potential misuse of their data and the long-term consequences of the breach.
NullBulge’s Motives and Disney’s Initial Response
In July, NullBulge claimed responsibility for leaking approximately 1.2 terabytes of Disney data, citing the company’s alleged mistreatment of artists, controversial approach to AI, and disregard for consumers as their motivations. The hacktivists reportedly gained access to Disney’s system through an individual with Slack access who had cookies.
At the time of the initial reports, a Disney spokesperson stated that the company was investigating the matter, but no further details were provided.
Plaintiff Seeks Strengthened Security Measures and Compensation
Through the class action lawsuit, plaintiff Scott Margel is demanding that Disney take proactive steps to fortify its security system and educate class members about the risks associated with the data breach. Additionally, the plaintiff is seeking unspecified damages and has requested a jury trial to resolve the matter.
Check back here at MainGatePass.com and follow us on X (Twitter) for the latest Disney Parks news & updates.
