In a recent cyber attack, Walt Disney has fallen victim to hackers who managed to gain access to sensitive internal company data. As reported by The Wall Street Journal, the cyber-criminal operation known as "NullBulge" uploaded over 1.1 terabytes of data in July, including confidential revenue figures from Disney's streaming services, Disney+ and ESPN+. The breach also exposed details about Disney's Genie theme park passes and internal Slack messages discussing the company's battle with Florida Governor Ron DeSantis over contentious legislation.

NullBulge, believed to be a lone hacker based in the United States, released a blog post indicating that they had obtained and published various data, including unreleased projects and computer code. The breach also unveiled internal spreadsheets revealing revenue generated from Disney's Genie+ theme park passes in 2021. The paid service, which grants visitors access to a "Lightning Lane" for skipping regular lines at major attractions in Disney World and Disneyland, reportedly brought in over $724 million in pretax revenue between October 2021 and June of this year at Walt Disney World.

In addition, the leaked documents contained internal spreadsheets concerning Disney+, the company's popular television streaming service. The data exposed that Disney+ generated over $2.4 billion in revenue during the quarter ending in March. Remarkably, this accounted for 43% of the revenue generated by Disney's direct-to-consumer business, which also includes Hulu and ESPN+.

It is worth noting that while these revenue figures were obtained through the hacking incident, Disney does not typically disclose revenue generated by individual streaming services, leading to disappointment among investors seeking such data.

The breach also compromised personal information within several Slack channels, including details of staff aboard Disney cruises, such as passport numbers, visa information, places of birth, and physical addresses, as reported by The Wall Street Journal. Furthermore, the hackers were able to access Slack messages from an estimated 10,000 different channels, revealing conversations about job applicants, upcoming projects, employee programs, website development, and advertising campaigns dating back to 2019.

A Disney spokesperson declined to comment directly on the specific information reported by The Wall Street Journal, citing the unverified nature of the data and attributing its release to the illegal activities of a malicious actor.

This cyber attack on Walt Disney serves as a reminder of the ongoing threats faced by organizations in our increasingly digital world. The breach highlights the importance of robust cybersecurity measures to protect sensitive data from falling into the wrong hands.