Overview
- ShadowByt3$ said on June 12–13 that it had exfiltrated about 859MB of Nintendo employee data and posted a $2 million ransom demand targeting Nintendo and later TinyPulse.
- Nintendo of America acknowledged an issue involving TinyPulse and said its own systems were not breached and that no customer or corporate financial data were accessed.
- The company described the affected files as mostly historical internal survey content from a small group of employees, and said it is working with the third‑party vendor to investigate.
- Evidence for the group's claim remains unverified because the group's posted proof link is inaccessible and screenshots circulating online have not been authenticated.
- Targeting a third‑party HR tool like TinyPulse illustrates a growing tactic of hitting vendors to reach company data and raises privacy and regulatory risks if the alleged bank statements and tax forms are confirmed.