The hack that exposed more than 44 million Slack messages from Disney employees in July may have been much worse, the WSJ reported on Thursday.
According to files viewed by WSJ, the breach included financial projections, strategic plans and sales data from Disney corporate (plus streaming projections and theme park pass sales), and personal details of Disney Cruise Line members, including passports, visas, contact information, and birthplaces.
Related: Disney's Internal Slack Message Data Leaked in Latest Hack Targeting a Major Company
In an August regulatory filing, Disney told investors that "over a terabyte of data" was part of an "unauthorized" release and that the company was investigating.
The month before, the hacking group Nullbulge claimed responsibility for the leak in a blog post, claiming they had internal data on upcoming projects and employees' personal information taken from the company's Slack messaging system.
Disney denied comment to the WSJ.
"We decline to comment on unverified information The Wall Street Journal has purportedly obtained as a result of a bad actor's illegal activity," a Disney spokesman said.