Matthew Van Andel, a former Disney employee, has filed a wrongful termination complaint against the company after unknowingly downloading malware that led to a significant cybersecurity breach. Van Andel had installed a free AI tool from a code-sharing website onto his personal computer. Months later, he received messages from strangers referencing private conversations he had with coworkers at Disney, confirming he had been hacked.
“The hackers were monitoring my email,” Van Andel said. The hackers used Van Andel’s credentials to access Disney’s Slack network, exposing millions of messages, including sensitive financial and employee data. The intrusion also led to the leakage of Van Andel’s personal information, such as credit card numbers, social security number, passwords, medical records, and home security details.
Cybersecurity expert Casey Ellis advised vigilance in monitoring downloads and enabling multi-factor authentication on all applications. “It puts you one step ahead of the attackers,” Ellis said. He also emphasized keeping personal and work systems separate to mitigate such risks.
Van Andel and his family spent weeks securing their accounts while dealing with continuous cyber-attacks from individuals who had accessed his leaked information. Despite initial support from Disney, Van Andel was later fired for allegedly accessing inappropriate material on his work computer, a claim he denies.
Former employee’s wrongful termination suit
“Mr. Van Andel’s claim that he did not engage in the misconduct that led to his termination is firmly refuted by the company’s review of his company-issued device,” Disney stated. Van Andel’s attorney has filed the complaint against Disney, alleging slander and wrongful termination.
“I still have nightmares. I still wake up every morning and wish I hadn’t,” Van Andel said. “Things might get better, I don’t know, but if it happens, it’s going to be a very long road.
And I’m one person, and they are one of the biggest, most powerful, most recognizable companies in the world.”
The incident raises questions about password manager security. In this case, the attackers had unrestricted access to Van Andel’s computer for five months, capturing credentials with a keyboard logger and remote access, which they used to exploit his unlocked database. The real issue was the untrusted software that Van Andel downloaded, which contained the malware.
This breach occurred on Van Andel’s personal device, where he accessed Disney Slack channels. The incident highlights the dangers of downloading unverified software and underscores the importance of robust cybersecurity practices.
Image Credits: Photo by Craig Adderley on Pexels
April Isaacs is a news contributor for DevX.com She is long-term, self-proclaimed nerd. She loves all things tech and computers and still has her first Dreamcast system. It is lovingly named Joni, after Joni Mitchell.
