Nintendo of America: Hacker Group Steals Nintendo Employee Data, Posts $2 Million Ransom

Nintendo of America: Hacker Group Steals Nintendo Employee Data, Posts $2 Million Ransom

Nintendo Confirms Limited Data Breach via Third-Party HR Service

Nintendo of America has acknowledged a data breach involving TinyPulse, a third-party HR platform used for internal employee surveys. The incident, first claimed by hacking group ShadowByt3$ on June 13, allegedly exposed 859MB of sensitive employee data, including full names, bank statements, employee IDs, analytics reports, and workplace feedback.

In an official statement, Nintendo confirmed that its own systems were not compromised, and no customer or financial data was accessed. The affected information was limited to internal survey content from a small subset of employees, with most data dating back several years. The company is working with TinyPulse to address the issue.

ShadowByt3$ initially demanded a response from Nintendo by June 15, a common tactic in ransomware attacks targeting third-party vendors. While the breach’s scale is smaller than previous incidents like the 2024 Pokémon Company "teraleak," the exposure of sensitive HR data raises significant concerns if verified.

Nintendo has not disclosed further details on the breach’s scope or potential impact on affected employees.

Source: https://www.nintendolife.com/news/2026/06/hacker-group-steals-nintendo-employee-data-posts-usd2-million-ransom

Nintendo of America TPRM report: https://www.rankiteo.com/company/nintendo-us

"id": "nin1781634427",
"linkid": "nintendo-us",
"type": "Breach",
"date": "6/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '0',
                        'industry': 'Gaming/Entertainment',
                        'location': 'United States',
                        'name': 'Nintendo of America',
                        'type': 'Company'},
                       {'industry': 'Human Resources',
                        'name': 'TinyPulse',
                        'type': 'Third-Party HR Service Provider'}],
 'attack_vector': 'Third-Party Vendor Compromise',
 'customer_advisories': 'No customer data affected',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full names',
                                              'Bank statements',
                                              'Employee IDs',
                                              'Analytics reports',
                                              'Workplace feedback']},
 'date_detected': '2024-06-13',
 'description': 'Nintendo of America has acknowledged a data breach involving '
                'TinyPulse, a third-party HR platform used for internal '
                'employee surveys. The incident, first claimed by hacking '
                'group ShadowByt3$ on June 13, allegedly exposed 859MB of '
                'sensitive employee data, including full names, bank '
                'statements, employee IDs, analytics reports, and workplace '
                'feedback. Nintendo confirmed that its own systems were not '
                'compromised, and no customer or financial data was accessed. '
                'The affected information was limited to internal survey '
                'content from a small subset of employees, with most data '
                'dating back several years.',
 'impact': {'data_compromised': '859MB of sensitive employee data',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High',
            'systems_affected': 'TinyPulse HR platform'},
 'initial_access_broker': {'entry_point': 'Third-Party HR Service (TinyPulse)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion/Ransomware',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Response demanded by June 15'},
 'references': [{'source': 'Nintendo Official Statement'}],
 'response': {'communication_strategy': 'Public Statement',
              'third_party_assistance': 'Yes (TinyPulse)'},
 'threat_actor': 'ShadowByt3$',
 'title': 'Nintendo Confirms Limited Data Breach via Third-Party HR Service',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.