Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: nintendo (1 article)Clear

Nintendo employee survey data stolen via third-party HR tool TinyPulse

Nintendo of America has confirmed that attackers stole internal employee data through TinyPulse, a third-party employee-survey service run by WebMD Health Services, after a threat actor calling itself SHADOWBYT3$ posted the haul and demanded a $2 million ransom. Nintendo says its own systems were not breached, no customer or financial data was touched, and the exposure is limited to internal survey content for a small subset of employees, mostly several years old. The attacker, however, claims to hold more, including bank statements and tax forms. The incident is a textbook third-party vendor breach affecting a major brand.

Check
Review which third-party HR and survey tools hold employee data, what they store, and how access is secured, and watch for phishing aimed at employees referencing surveys or HR programs.
Affected
Nintendo of America employees whose internal survey responses were exposed via the TinyPulse service; the threat actor claims additional data, which Nintendo has not confirmed.
Fix
Inventory and risk-assess third-party tools holding employee data, require strong authentication and least-privilege access for vendor integrations, and minimize the sensitive data shared with such services.