Nintendo Employee Data Stolen by Hacker Group, $2M Ransom

On Tuesday evening, Nintendo of America issued a formal statement addressing the alleged data breach, clarifying that the compromise was confined to internal survey data from a small group of employees and that the majority of the information is several years old.

The company confirmed that the incident involved TinyPulse, a third‑party platform used for internal employee feedback, and reassured that its own systems remained secure with no customer or financial records compromised.

Nintendo expressed gratitude for its employees’ openness in sharing insights, reaffirming its commitment to listening to feedback and acting on it when necessary.

According to a report from Technadu, relayed by Nintendo Everything, the alleged cyber‑attack took place on June 13, giving Nintendo a tight window until June 15 to address the situation.

ShadowByt3$ asserts it has extracted 859 MB of confidential information from Nintendo’s internal network, including full employee names, bank statements, personnel IDs, internal reports, analytics, and additional sensitive data.

The breach is said to have occurred through TINYpulse, a WebMD Health Services HR platform that Nintendo uses for employee engagement and performance feedback. Hijacking a third‑party service rather than the company’s own systems is a familiar strategy employed by ransomware outfits.

Although this leak is considerably smaller than the massive “teraleak” that hit The Pokémon Company in 2024 or the earlier “gigaleak,” the depth of personal and financial information involved renders it a potentially catastrophic incident if the claims prove true.

We have contacted Nintendo for an official statement and will promptly revise this article once we receive a response.