PYMNTS-MonitorEdge-May-2024

Report: Disney Cuts Ties With Slack After Data Heist

Disney, Slack, data breach

Disney reportedly plans to stop using workplace collaboration platform Slack following a recent data breach.

Chief financial officer Hugh Johnston announced the change this week, the Wall Street Journal (WSJ) reported Thursday (Sept. 19), citing an internal memo reviewed by the news outlet. That memo said many teams at the entertainment behemoth had begun switching over to “streamlined enterprise-wide collaboration tools.”

“Where we have opportunities to leverage more integrated tools and platforms we should,” the memo said.

The move comes after a hacker stole a terabyte worth of data — including 44 million messages and more than 18,800 spreadsheets and at least 13,000 PDFs — and leaked it online.

This included financial and strategy information, the WSJ said, along with personally identifiable information for employees and customers.

PYMNTS has contacted Disney and Slack-owner Salesforce for comment but has not yet gotten a reply.

As covered here in July, the material was published by an anonymous hacking group known as “Nullbulge,” which has used Trojan horse tactics to distribute malicious software, hiding it in free add-ons for games and AI image generation software.

The hack comes in the midst of what PYMNTS has called “the year of the cyberattack,” following damaging attacks on several high-profile companies and organizations.

In the past year, 82% of eCommerce merchants suffered cyber or data breaches, with 47% saying the breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a PYMNTS Intelligence and Nuvei report.

As PYMNTS wrote soon after the Disney breach was reported, this sort of incident underlines the need for fault tolerance. The stakes are high, that report added, noting that breaches can cost companies millions, harm reputations and weaken customer trust. To reduce these risks, the emphasis must pivot from a purely preventive approach to a strategy that balances prevention with robust response and recovery.

“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS in a recent interview, adding that the cost of computing power has decreased drastically over the past decade, making it easier for criminals to get access powerful tools and carry out sophisticated attacks.

“It’s a combination of defenses at the human layer, controls at the network layer, application layer and business process layer,” Mallik added. “This is complemented by continuous monitoring of the external threat environment.”