Matthew Van Andel filed a wrongful termination complaint against Disney after he unknowingly downloaded malware that compromised the company's cybersecurity. 

"I'm usually pretty careful," he said. "I don't just download random stuff. I checked out the software. It looked legitimate."

The software Van Andel downloaded onto his personal computer was a free AI tool from a code-sharing website. Months later, he received an unexpected message from a stranger on Discord. It referenced a private conversation he had with other Disney coworkers. Later that day, another chilling message confirmed that he had been hacked. 

"They're watching what I'm doing in my email," Van Andel recalled. "I don't even know what to do right now."

The hackers infiltrated Disney's Slack network using Van Andel's credentials, which were saved on his personal computer. The hack exposed millions of messages, including sensitive financial and employee data. He reported the hack to Disney, but it didn't stop there.

They also leaked Van Andel's personal information, including credit card numbers, his social security number, passwords, medical records and home security credentials.

"They've been everywhere," he said. "Calling it a sense of violation is a huge understatement."

Cybersecurity expert Casey Ellis said this could happen to just about anyone. He recommended that people monitor what they're downloading and installing onto their computers. He also recommended that everyone enable multi-factor authentication on every application. 

"It puts you one step ahead of the attackers," Ellis said. "If they get your password, they can't necessarily get in because they don't have that second factor that you need to basically authenticate a login."

It's also best to delineate personal and work systems to mitigate the risk of a personal computer compromising an employer. 

"If there is that clean separation, then the kind of pivot that these attackers managed to execute is going to be a lot more difficult, if not impossible," Ellis said. 

Van Andel said he and his family spent weeks trying to secure their accounts while also dealing with a flood of attacks from other people who had access to his leaked information. At the time, he appreciated the support Disney provided. 

"It really did keep me going because I was falling apart," Van Andel said. "I wasn't eating. I wasn't sleeping. You're under constant attack every minute of every day."

However, Disney fired Van Andel, claiming he accessed inappropriate material on his work computer, something he vehemently denies. 

"Mr. Van Andel's claim that he did not engage in the misconduct that led to his termination is firmly refuted by the company's review of his company-issued device," Disney said in a statement. 

Van Andel's attorney filed the complaint against Disney this week, claiming slander and wrongful termination. 

"I still have nightmares. I still wake up every morning and wish I hadn't," Van Andel said. "Things might get better, I don't know, but if it happens, it's going to be a very long road. And I'm one person, and they're one of the biggest, most powerful, most recognizable companies in the world."