Disney faces class action lawsuit over employee data breach

Disney faces class action lawsuit over employee data breach

As a long-time Disney enthusiast who has spent countless hours immersed in their magical world, I find myself deeply concerned about this recent data breach at the company. Having shared my personal information with them over the years, I can’t help but feel uneasy knowing that sensitive data could potentially be in the wrong hands.


The Walt Disney Company is facing a collective legal action, alleging they were careless, breached an unspoken agreement, and engaged in improper conduct due to a significant data leak incident that took place earlier this year. This lawsuit was filed against them.

On a Thursday, Scott Margel filed a lawsuit in Los Angeles County Superior Court, naming Disney and Disney California Adventure as defendants. The 32-page court document further alleges that the company failed to adequately protect customer records and breached the privacy of medical information by not taking sufficient measures to prevent or alert victims regarding the extent of a data leak.

In the lawsuit, it is stated that a large number of people (estimated in the thousands) involved in the class are described as those who shared confidential, highly personal details with Disney during their employment tenure. These details, according to the complaint, were supposedly exposed in the data breach.

Representatives of Disney did not immediately respond Friday to The Times’ request for comment.

The lawsuits refer to an article published by the Wall Street Journal in September, which disclosed that a hacking group named NullBulge made public over 18,800 spreadsheets, 13,000 PDF files, and approximately 44 million internal messages sent through the workplace communication system Slack.

As reported by the Journal, the leaked Slack messages carried confidential data pertaining to Disney cruise staff members, such as passport details, visa information, birthplaces, and residential addresses. Moreover, at least one spreadsheet disclosed the names, home addresses, and phone numbers of certain Disney Cruise Line passengers. The newspaper later announced that Disney intended to cease using Slack after the security incident.

The plaintiff and fellow class members “still lack knowledge about the specific data that was taken, the specific type of malware involved, and any measures being implemented, if any, to safeguard their personal information in the future,” according to the filing.

In this case, the plaintiff and fellow class members are now in a position where they can only guess or conjecture about the final destination of their data, who might be utilizing it, and for what possible harmful intentions.

In July, NullBulge declared that it had released approximately 1.2 terabytes of Disney data as a protest against the company’s treatment of artists, its stance on AI, and what they considered to be a disregard for consumers. These self-proclaimed hacktivists told CNN that they managed to infiltrate Disney’s system due to a person with access to Slack who had cookies (presumably referring to digital tokens used to authenticate and maintain a persistent login session).

At the given time, a representative from Disney stated they were looking into this particular issue.

Margel insists that Disney should strengthen their security measures and inform participants about potential hazards stemming from data breaches. Additionally, the plaintiff requests compensation yet to be determined and is opting for a jury trial.

Read More

2024-10-04 22:31

Previous post Things aren’t looking good for Joker: Folie A Deux (box office update)