Overview
- A self‑described extortion group calling itself ShadowByt3$ claimed to have taken roughly 859MB of Nintendo employee data and demanded a $2 million ransom.
- Nintendo confirmed on June 16 that the incident involved TinyPulse, saying the affected material is limited to internal survey content for a small subset of employees and that most records date back several years.
- Nintendo said its own systems were not compromised and no customer or financial data was accessed, and the company is working with TinyPulse to investigate and address the issue.
- Some leaked screenshots and samples circulated online and were partially reviewed by outlets, but the original proof link became inaccessible and independent verification of the full dataset remains incomplete.
- Reported contents include names, emails, bank statements, W‑9s, surveys and private messages, which raises direct privacy and financial risks for impacted staff and highlights supply‑chain vulnerabilities in third‑party HR tools.