Disney Data Breach Included Disneyland Guest Information, Genie+ Revenue Details

Shannen Ace

Updated on:

Disneyland Park image for DisneylandForward story.

Disney Data Breach Included Disneyland Guest Information, Genie+ Revenue Details

Disney data leaked in a hack earlier this summer included Disney Cruise Line crew member passport numbers, Disney Cruise Line and Disneyland Resort guest contact information, Genie+ revenue details, and more.

Disney Data Breach

Walt Disney company studios gate for Disney data breach article.

The Wall Street Journal (WSJ) viewed some of the 1.1TB worth of files that were compromised by Russia-based hacktivist group Nullbulge in July. Nullbulge obtained data from Disney’s internal Slack platform and, according to WSJ, shared more than 44 million messages, 18,800 spreadsheets, and 13,000 PDFs.

Among the files were granular revenue details about Disney+, ESPN+, and Hulu. The Walt Disney Company does not publicly disclose streaming service revenue but spreadsheets indicate Disney+ generated over $2.4 billion in the second quarter of 2024. That accounts for about 43% of the company’s revenue for direct-to-consumer entertainment.

Disney Genie service logo

Another spreadsheet details revenue from Disney Genie+, now known as Lightning Lane Multi Pass. According to the file, Genie+ at Walt Disney World generated over $724 million in pretax revenue between its October 2021 launch and June 2024.

Other data includes information about ad operations. These include spending by politicians on Disney platforms and debate over whether to approve ad campaigns by Netflix and other rivals.

One spreadsheet contained the names and contact information of some Disneyland Resort guests with dining reservations. Another included names, addresses, and phone numbers of Disney Cruise Line passengers.

Passport numbers, visa details, places of birth, physical addresses, and current assignments of Disney Cruise Line staff members were also leaked.

Left: Bob Iger. Right: Governor Ron DeSantis.

The data included staff reactions to Disney’s clash with Florida Governor Ron DeSantis regarding the Parental Rights in Education law (a.k.a. the “Don’t Say Gay” law).

Slack is just one platform Disney uses for internal communication and no private messages between executives were included in the hack.

A Disney spokesperson said, “We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor’s illegal activity.”

In an August regulatory filing, Disney told investors they were investigating the unauthorized release of data but that the incident had not affected and likely would not impact their operations or financial performance.

Though Nullbulge uploaded the Disney data, security researchers believe the hack was the work of a single individual in the U.S. Nullbulge claimed in a direct message on X that they accessed the data through a company manager of software development whose computer they compromised.

For the latest Disney Parks news and info, follow WDW News Today on TwitterFacebook, and Instagram.