After downloading an AI-powered photo tool containing embedded hacking software, Matthew Van Andel experienced a complete life disruption in his role as a former Disney engineer. The malware system enabled cybercriminals to break into his personal and professional data, which resulted in severe consequences.
In July, Van Andel received a Discord message from an unidentified person who demonstrated access to Disney’s internal Slack system. The hackers demanded payment by threatening to expose his confidential information to the public. The cybercriminals successfully bypassed his security measures to reveal his Social Security number together with his Disney login details and his children’s Roblox account information.
The data breach caused Van Andel to develop anxiety and panic attacks while receiving unwanted attention from strangers. The attackers damaged his social media platforms while sending him terrifying voice messages. Disney fired him after their examination of his work computer showed inappropriate content, which he denies having done.
The cyber breach involved Nullbulge as the attacking group, which released more than a terabyte of Disney’s confidential data that included employee records together with internal codes and upcoming project details. The cyberattack group Nullbulge presented itself as a protest organization against Disney’s AI policies and artist treatment, but security experts identify the attack as a single hacker’s operation through “infostealer” malware.
The Van Andel family rejects the hackers’ ideological motive because the attackers first targeted financial information and then used his Disney affiliation to expand their attack. His sister recognized his courage by standing up against the breach even though the company retaliated harshly.
After his departure from Disney, Van Andel remains under continuous cyberattack. His experience demonstrates how the risks of obtaining unverified software lead to enduring consequences of cybercrime.
