GoKawiilNintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised.
The company’s statement comes after claims from the Shadowbyt3$ “extortion-as-a-service” threat group that they exfiltrated sensitive data related to Nintendo of America employees.
“We are aware of an issue involving TinyPulse, a third-party service used for internal employee surveys at Nintendo of America,” stated Nintendo.
“Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed. Nintendo’s systems have not been compromised, and no personal customer or financial data has been accessed."
"The data involved is limited to internal survey content comprising a small subset of our employees, and most of the information dates back several years,” the company told BleepingComputer.
Nintendo of America is a subsidiary of the Japanese game company, responsible for operations in the United States, Canada, and parts of Latin America.
TinyPulse is an employee engagement and feedback platform used for anonymous employee surveys, engagement analytics, feedback collection, and workplace culture assessments.
The gaming firm said it is “working with the service provider to address the issue.”
BleepingComputer contacted WebMD Health Services, the owner of the TinyPulse platform, for more information about the incident and its impact, but we did not receive a response by publishing time.
Shadowbyt3$ demands $2 million ransom
... continue reading