DTG
Company Details
Linkedin ID:
disney-theatrical-group
Website:
Employees number:
613
Number of followers:
53,856
NAICS:
71
Industry Type:
Homepage:
disneyonbroadway.com
IP Addresses:
0
Company ID:
DIS_3051975
Scan Status:
In-progress
Disney Theatrical Group Company CyberSecurity Posture
disneyonbroadway.com
DISNEY THEATRICAL GROUP (DTG) operates under the direction of Thomas Schumacher and is among the world’s most successful commercial theatre enterprises, bringing live entertainment events to a global annual audience of more than 19 million people in more than 50 countries.
Disney Theatrical Group A.I CyberSecurity Scoring
DTG Risk Score (AI oriented)Between 700 and 749
DTG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DTG Global Score (TPRM)XXXX
DTG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DTG Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Disney
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: In this incident, a 25-year-old California man, Ryan Kramer (alias NullBulge), tricked Disney employees into downloading malware disguised as an AI image-generation tool. Once installed, the malware harvested credentials and provided Kramer with unauthorized access to Disney’s private Slack channels and internal communications. One employee, Matthew Van Andel, inadvertently granted elevated privileges, enabling Kramer to exfiltrate more than 1.1 terabytes of confidential data. Stolen materials included personal information of employees, unreleased film and TV project files, and other proprietary corporate documents. When Van Andel failed to comply with threats of publication, Kramer posted the sensitive data on the BreachForums hacking site. Authorities say at least two other individuals were similarly compromised, and an ongoing investigation aims to determine the full extent of the breach. The exposure of internal communications and unreleased intellectual property poses serious reputational, legal, and financial risks for Disney, while also potentially undermining competitive positioning and violating privacy regulations.
DTG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DTG
Incidents vs Entertainment Providers Industry Average (This Year)
Disney Theatrical Group has 28.21% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Disney Theatrical Group has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types DTG vs Entertainment Providers Industry Avg (This Year)
Disney Theatrical Group reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — DTG (X = Date, Y = Severity)
DTG cyber incidents detection timeline including parent company and subsidiaries
DTG Company Subsidiaries
DISNEY THEATRICAL GROUP (DTG) operates under the direction of Thomas Schumacher and is among the world’s most successful commercial theatre enterprises, bringing live entertainment events to a global annual audience of more than 19 million people in more than 50 countries.
Loading...
DTG Similar Companies
Lucidity
Lucidity Agency Models, también conocida como Lucidity, es una agencia de modelos establecida en vancouver, Canada, en 2010 por el conglomerado The Ivan Group. Lucidity maneja en la actualidad a más de 800 modelos de los cinco continentes, convirtiéndola en la agencia de modelos más grande del mund
Recognized three years in a row by Great Place to Work® and named one of People Magazine’s Top 50 Companies that Care, Live Nation Entertainment is the global leader in live events and ticketing. With business operations and corporate functions across major divisions including Ticketmaster, Concerts
TikTok
TikTok is a discovery tool made just for you. TikTok is a global platform for discovery, joy and endless possibilities — connecting and entertaining more than a billion people across more than 150 countries. TikTok's headquarters are in Los Angeles and Singapore, with additional offices in Austin
SAG-AFTRA
With national offices in Los Angeles and New York, and local offices nationwide, SAG-AFTRA is the iconic American labor union that represents approximately 160,000 media professionals. Our members are the talented faces and voices that entertain and inform America and the world. They are actors, a
Universal Orlando Resort
For years, we’ve been creating a legacy of unforgettable experiences for our Guests. Our Guests are immersed into the sights and sounds of some of the greatest movies and most legendary stories, and our Team Members are the ones who help make those incredible experiences come alive. Our Team Members
Topgolf is the ultimate instigator of play. Thanks to our 100+ venues around the globe, which are powered by industry-leading Toptracer technology, we're leading the charge of modern golf. We offer a variety of tech-driven games, a top-tier food and drink menu, space to host large events, and a vibe
Technicolor Group
Technicolor Group is a creative technology company providing world-class production expertise driven by one purpose: The realization of ambitious and extraordinary ideas. Home to a network of award-winning studios, MPC, The Mill, Mikros Animation and Technicolor Games, we inspire creative companies
NBCUniversal
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and n
Warner Bros. Discovery
Warner Bros. Discovery, a premier global media and entertainment company, offers audiences the world’s most differentiated and complete portfolio of content, brands and franchises across television, film, streaming and gaming. The new company combines WarnerMedia’s premium entertainment, sports and
.png)
DTG CyberSecurity News
September 03, 2025 07:00 AM
Thomas Schumacher, who led Disney Theatrical Group to historic success, is leaving the company
Thomas Schumacher, who led Disney Theatrical Group for decades and helped it produce enduring musical theater hits like “The Lion King” and...
March 18, 2025 07:00 AM
Google signs its largest-ever acquisition deal to buy cybersecurity firm Wiz for $32 billion
Google LLC, on Tuesday, March 18, announced that it had signed a definitive agreement to acquire Wiz Inc., a New York-based cybersecurity...
August 09, 2024 07:00 AM
Disney’s ‘Greatest Showman’ stage musical will play London in 2026
Look out 'cause here it comes. Disney Theatrical Group announced that a new stage musical of “The Greatest Showman” is in development at...
October 28, 2022 07:00 AM
‘Lion King’ Actor Claims Disney Fired Him After He Reported Sexual Harassment And Took Paternity Leave
The actor accused Disney of “retaliation and intentional inaction” after he made allegations about a hostile work environment.
May 14, 2020 07:00 AM
Disney announces ‘Frozen’ won’t return to Broadway when theatres reopen
Disney's “Frozen” Broadway show will not return when theatres are allowed to reopen after the coronavirus shutdown, the company announced...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DTG CyberSecurity History Information
Official Website of Disney Theatrical Group
The official website of Disney Theatrical Group is http://www.disneyonbroadway.com.
Disney Theatrical Group’s AI-Generated Cybersecurity Score
According to Rankiteo, Disney Theatrical Group’s AI-generated cybersecurity score is 710, reflecting their Moderate security posture.
How many security badges does Disney Theatrical Group’ have ?
According to Rankiteo, Disney Theatrical Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Disney Theatrical Group have SOC 2 Type 1 certification ?
According to Rankiteo, Disney Theatrical Group is not certified under SOC 2 Type 1.
Does Disney Theatrical Group have SOC 2 Type 2 certification ?
According to Rankiteo, Disney Theatrical Group does not hold a SOC 2 Type 2 certification.
Does Disney Theatrical Group comply with GDPR ?
According to Rankiteo, Disney Theatrical Group is not listed as GDPR compliant.
Does Disney Theatrical Group have PCI DSS certification ?
According to Rankiteo, Disney Theatrical Group does not currently maintain PCI DSS compliance.
Does Disney Theatrical Group comply with HIPAA ?
According to Rankiteo, Disney Theatrical Group is not compliant with HIPAA regulations.
Does Disney Theatrical Group have ISO 27001 certification ?
According to Rankiteo,Disney Theatrical Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Disney Theatrical Group
Disney Theatrical Group operates primarily in the Entertainment Providers industry.
Number of Employees at Disney Theatrical Group
Disney Theatrical Group employs approximately 613 people worldwide.
Subsidiaries Owned by Disney Theatrical Group
Disney Theatrical Group presently has no subsidiaries across any sectors.
Disney Theatrical Group’s LinkedIn Followers
Disney Theatrical Group’s official LinkedIn profile has approximately 53,856 followers.
NAICS Classification of Disney Theatrical Group
Disney Theatrical Group is classified under the NAICS code 71, which corresponds to Arts, Entertainment, and Recreation.
Disney Theatrical Group’s Presence on Crunchbase
No, Disney Theatrical Group does not have a profile on Crunchbase.
Disney Theatrical Group’s Presence on LinkedIn
Yes, Disney Theatrical Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/disney-theatrical-group.
Cybersecurity Incidents Involving Disney Theatrical Group
As of December 03, 2025, Rankiteo reports that Disney Theatrical Group has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Disney Theatrical Group has an estimated 7,236 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Disney Theatrical Group ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Disney Data Breach via Malware Disguised as AI Tool
Description: A 25-year-old California man, Ryan Kramer (alias NullBulge), tricked Disney employees into downloading malware disguised as an AI image-generation tool. Once installed, the malware harvested credentials and provided Kramer with unauthorized access to Disney’s private Slack channels and internal communications. One employee, Matthew Van Andel, inadvertently granted elevated privileges, enabling Kramer to exfiltrate more than 1.1 terabytes of confidential data. Stolen materials included personal information of employees, unreleased film and TV project files, and other proprietary corporate documents. When Van Andel failed to comply with threats of publication, Kramer posted the sensitive data on the BreachForums hacking site. Authorities say at least two other individuals were similarly compromised, and an ongoing investigation aims to determine the full extent of the breach. The exposure of internal communications and unreleased intellectual property poses serious reputational, legal, and financial risks for Disney, while also potentially undermining competitive positioning and violating privacy regulations.
Type: Data Breach
Attack Vector: Phishing, Malware
Vulnerability Exploited: Human error, Credential harvesting
Threat Actor: Ryan Kramer (alias NullBulge)
Motivation: Data exfiltration, Financial gain, Public disclosure
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing email with malware disguised as AI tool.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach DIS901050225
Data Compromised: Personal information of employees, Unreleased film and tv project files, Proprietary corporate documents
Systems Affected: Slack channelsInternal communications
Brand Reputation Impact: Serious reputational risks
Legal Liabilities: Potential legal risks
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Unreleased Film And Tv Project Files, Proprietary Corporate Documents and .
Which entities were affected by each incident ?
Incident : Data Breach DIS901050225
Entity Name: Disney
Entity Type: Corporation
Industry: Entertainment
Location: California, USA
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach DIS901050225
Type of Data Compromised: Personal information, Unreleased film and tv project files, Proprietary corporate documents
Sensitivity of Data: High
Data Exfiltration: 1.1 terabytes of confidential data
Personally Identifiable Information: Employee personal information
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach DIS901050225
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach DIS901050225
Entry Point: Phishing email with malware disguised as AI tool
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach DIS901050225
Root Causes: Human error, Credential harvesting
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Ryan Kramer (alias NullBulge).
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal information of employees, Unreleased film and TV project files, Proprietary corporate documents and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Slack channelsInternal communications.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal information of employees, Proprietary corporate documents and Unreleased film and TV project files.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Phishing email with malware disguised as AI tool.
.png)
Latest Global CVEs (Not Company-Specific)
Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=disney-theatrical-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
