Cyber Incident Victim: Nintendo Co., Ltd.

On June 13, 2026, the hacking group ShadowByt3$ claimed to have obtained 859 megabytes of Nintendo employee data through the TinyPulse service used for internal employee surveys at Nintendo of America. The group asserted that the data included full names of employees, bank statements, employee IDs, reports, analytics, and other information. ShadowByt3$ set a deadline of June 15, 2026, for Nintendo to respond to their claim and posted a ransom demand of two million US dollars. The claim was reported by technology news outlets and referenced in Nintendo‑related coverage.

On June 16, 2026, Nintendo issued an official statement confirming that a breach involving TinyPulse had occurred. The company stated that its own systems had not been compromised and that no personal customer or financial data had been accessed. Nintendo described the affected data as limited to internal survey content comprising a small subset of its employees, noting that most of the information dated back several years. The statement also clarified that employees outside of North America were not involved in the incident.

Nintendo said it was working with the service provider, TinyPulse, to address the issue and expressed appreciation for employees’ willingness to share feedback. The company reiterated that it would take all feedback seriously and act when needed. No further details about the ransom demand or any payment were disclosed in the statement. The narrative ends with the confirmation that the breach was confined to the specified internal survey data and that Nintendo’s systems remained secure.