 |
Nintendo of America has acknowledged that employee survey data was exposed through a security incident involving TinyPulse, a third-party platform used for internal feedback and engagement surveys. The company emphasized that its own systems were not compromised and that no customer or financial information was affected.
The confirmation follows claims made by the Shadowbyt3$ cybercrime group, which alleged that it had obtained sensitive information linked to Nintendo of America employees.
“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” stated Nintendo.
“Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed. Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed.”
“The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company told BleepingComputer.
Nintendo of America, which oversees operations across the United States, Canada, and parts of Latin America, explained that the affected information was restricted to internal survey content collected through TinyPulse.
TinyPulse is a workplace engagement platform that enables organizations to conduct anonymous employee surveys, gather feedback, analyze workforce sentiment, and assess company culture.
Nintendo added that it is “working with the service provider to address the issue.”
Meanwhile, BleepingComputer reached out to WebMD Health Services, the owner of TinyPulse, seeking additional details about the incident and its potential impact. However, no response had been received at the time of publication.
Despite Nintendo’s statement that only survey-related information was exposed, the Shadowbyt3$ group claims the stolen data includes more extensive employee records.
The threat actor initially alleged that nearly 1GB of data had been taken from Nintendo and gave the company 48 hours to begin negotiations before the information would be released publicly.
According to the group, the dataset contains employee names, email addresses, survey and analytics information, bank statements, W-9 forms, employee identification details, progress plans, and reports spanning from 2016 to 2026.
“If you contact us we give you an extra day to think this through. We are demanding a ransom payment of 2 million dollars,” reads the Shadowbyt3$ post.
In a follow-up statement, the group claimed that the incident did not impact Nintendo’s gaming operations and instead affected “a small amount of employees that work for nintendo and have used tinypulse.”
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: