Overview
- This week Nintendo of America confirmed that survey data hosted on TinyPulse, a WebMD-owned employee feedback platform, was stolen by threat actors.
- The extortion group Shadowbyt3$ claims it exfiltrated close to 1 GB of files and is demanding $2 million, posting alleged proofs and a leak link when negotiations did not occur.
- Nintendo says the incident affected internal survey content for a small subset of employees, that most records date back several years, and that its own networks and customer financial systems were not compromised.
- Independent reporting has not fully verified the leaked material and some proof links were inaccessible, leaving uncertainty about the presence of bank statements, W-9s or other personal documents.
- The case highlights risks from HR and vendor tools that store employee PII and could lead to identity or financial fraud for staff, and it may prompt tighter vendor controls and checks across other companies that use TinyPulse.