A former Disney employee, Matthew Van Andel, has filed a wrongful termination lawsuit against the company after he was fired following a cybersecurity breach. Van Andel claims he was unknowingly hacked after downloading what he believed to be a legitimate AI tool.
The breach exposed millions of internal messages, including sensitive financial and employee data. Although Disney initially supported him, the company later terminated his employment, citing misconduct—an allegation Van Andel strongly denies.
How the Cybersecurity Breach Happened
Van Andel, who describes himself as a careful tech user, says he downloaded a free AI tool from a code-sharing website. Months later, he received mysterious messages on Discord referencing private work conversations he had with colleagues.
Key Events of the Hack:
Unknown hackers infiltrated Disney’s Slack network using Van Andel’s credentials, which were saved on his personal computer
Millions of messages containing financial and employee data were compromised
Hackers leaked Van Andel’s personal information, including:
- Credit card numbers
- Social security number
- Medical records
- Home security credentials
Van Andel immediately reported the breach to Disney, but the damage had already been done.
“They’re watching what I’m doing in my email,” he recalled. “I don’t even know what to do right now.”
Cybersecurity Expert Weighs In: “This Could Happen to Anyone”
Cybersecurity expert Casey Ellis explained that downloading unfamiliar software is a major risk, even when it appears legitimate.
Key Cybersecurity Tips:
- Enable Multi-Factor Authentication (MFA) – Even if hackers steal your password, they won’t be able to log in without the second verification step.
- Keep Personal and Work Systems Separate – Using a personal device for work-related activities increases cybersecurity risks.
- Be Cautious with Free Software – Many open-source or free AI tools may be embedded with malware.
“If there is that clean separation, then the kind of pivot that these attackers managed to execute is going to be a lot more difficult, if not impossible,” Ellis said.
Van Andel’s Firing: Disney’s Stance vs. His Claims
Despite initially assisting him during the crisis, Disney later terminated Van Andel’s employment, claiming he had accessed inappropriate material on his work computer—an accusation he denies.
Disney’s Statement:
“Mr. Van Andel’s claim that he did not engage in the misconduct that led to his termination is firmly refuted by the company’s review of his company-issued device.”
Van Andel, however, insists he was wrongfully fired.
“I still have nightmares. I still wake up every morning and wish I hadn’t,” he said. “Things might get better, but it’s going to be a very long road.”
His attorney has filed a lawsuit against Disney, alleging:
- Wrongful termination
- Slander
Van Andel argues that the cyberattack was beyond his control and that Disney is using an unrelated accusation to justify his dismissal.
The Fallout: Life After the Hack
Van Andel and his family have spent weeks securing their personal accounts, dealing with:
- Identity theft
- Constant cyberattacks
- Emotional and financial distress
At first, he appreciated Disney’s support as he struggled to recover from the attack.
“It really did keep me going because I was falling apart,” Van Andel admitted. “I wasn’t eating. I wasn’t sleeping. You’re under constant attack every minute of every day.”
However, his termination has left him feeling betrayed and overwhelmed.
“I’m just one person, and they’re one of the biggest, most powerful, most recognizable companies in the world.”
Lessons for Employees and Companies
The Van Andel case highlights the dangers of cybersecurity breaches and the risks employees face when using personal devices for work.
For Employees:
- Always verify software sources before downloading.
- Keep personal and work devices separate.
- Enable multi-factor authentication on all work-related accounts.
For Companies:
- Implement strict cybersecurity training for employees.
- Ensure proper device management policies.
- Avoid placing sole blame on employees for cybersecurity failures.
As Van Andel’s lawsuit against Disney moves forward, the case raises important questions about corporate responsibility, cybersecurity risks, and employee rights in the digital age.
