NullBulge's AI-Powered Malware Allegedly Compromises Disney Employee and Internal Data

July 11, 2024

A Disney employee, Matthew Van Andel, reportedly downloaded an AI-powered malware allegedly developed by the cybercriminal group NullBulge. This action led to a significant cybersecurity breach, with hackers accessing Disney's Slack system, exposing approximately 44 million internal messages, employee and customer data, and financial records. The malware also purportedly leaked Van Andel’s personal financial information, leading to identity theft and his termination. This incident underscores the importance of trustworthy AI, safe and secure AI practices, and Project Cerebellum's role in governance, mapping, measuring, and managing such incidents.

For those interested in shaping the future of AI governance, JOIN US.

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls

MEASURE 2.10 — similarity 0.640, rank 1. TAIM detail and related incidents →
MAP 1.6 — similarity 0.635, rank 2. TAIM detail and related incidents →
MEASURE 2.6 — similarity 0.635, rank 3. TAIM detail and related incidents →

Alleged deployer: nullbulge
Alleged developer: nullbulge
Alleged harmed parties: matthew-van-andel, disney-employees, disney

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/950

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.