Nintendo HR Data Stolen via TinyPulse Third-Party Vendor

Key points

• 859 megabytes of Nintendo-related HR data claimed by a threat actor.
• Data originated from TinyPulse, a third-party employee engagement platform.
• Nintendo confirmed the incident, downplaying it as a third-party vendor compromise.

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

Nintendo

Sector: Information

Likely country: Location not provided

Estimated

Threat source

Hacking activity

The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.

• Source type: outside the affected organization
• Source type: possible insider or internal misuse
• Source type: supplier or third-party involvement

Business impact

Potential data exposure

Impact area: Confidentiality

Trend context

74 signals with similar action pattern

• 29 signals in the same sector
• 93 signals with the same likely impact area
• 1 signal linked to this organization/domain

Mentioned entities

NintendoSuspected Data ExposureTinyPulse Third-Party Vendor Nintendo ofAmericaTinyPulseWebMD Health Services. ANintendo-related HRNintendo

External sources

• June 2026 Data Breaches: List Major Incidents & Latest Updates - SharkStrikerhttps://sharkstriker.com/blog/june-2026-data-breaches/Public source from sharkstriker.com.
• AI-Driven Threats, Zero-Days, and Data Breaches Define This Week in Cybersecurity for June 2026 | eSecurity Planethttps://www.esecurityplanet.com/weekly-roundup/ai-driven-threats-zero-days-and-data-breaches-define-this-week-in-cybersecurity-for-june-2026/Public source from esecurityplanet.com.
• Nintendo confirms data stolen in WebMD subsidiary cyberattack - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/Public source from bleepingcomputer.com.
• Nintendo confirms employee survey data stolen from third-party service | brief | SC Mediahttps://www.scmagazine.com/brief/nintendo-confirms-employee-survey-data-stolen-from-third-party-servicePublic source from scmagazine.com.
• Nintendo confirms data stolen in WebMD subsidiary cyberattack - BleepingComputerhttps://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/Public source from bleepingcomputer.com.
• Your Breaches of the Week! June 15 to June 21, 2026 - YouTubehttps://www.youtube.com/watch?v=T-lkUxwjwP8Public source from youtube.com.
• SWK Cybersecurity News Recap June 2026https://www.swktech.com/swk-cybersecurity-news-recap-june-2026/Public source from swktech.com.

Related signals

Grouped by why the signal is relevant.

Agelessrx·Jun 25, 2026

Same sectorSame action patternSame impact area

AgelessRx Data Breach Exposes Patient Health Information

AgelessRx, a telehealth platform specializing in longevity and anti-aging treatments, disclosed a data breach. An unauthorized actor gained access to certain help-desk tickets within the company's system between April 17 and April 22, 2026. The breach exposed sensitive patient health information, including names, dates of birth, health diagnoses or conditions, medications, and prescription details. The incident was reported to attorneys general on June 24, 2026, and notification letters to affected individuals began on June 23, 2026.

Jamf·Jun 24, 2026

Same sectorSame action patternSame impact area

Jamf Customer Data Exposed in Klue Supply Chain Attack

Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.

Insurity·Jun 24, 2026

Same sectorSame action patternSame impact area

Insurity Customer Data Exposed in Klue Supply Chain Attack

Insurity, a leading provider of cloud-based software for insurance carriers, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.

Klue·Jun 24, 2026

Same sectorSame action patternSame impact area

Klue Data Breach Leads to Salesforce Customer Data Exposure

Market intelligence platform Klue experienced a data breach, uncovered on June 12, 2026, where attackers stole OAuth tokens used to access customer data from Salesforce. The Icarus group claimed responsibility, leaking business contacts, sales notes, and pricing details from multiple victims. The incident was widely reported on June 24, 2026.

Onetrust·Jun 24, 2026

Same sectorSame action patternSame impact area

OneTrust Customer Data Exposed in Klue Supply Chain Attack

OneTrust, a privacy, security, and governance technology company, was among the organizations affected by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.

Snyk·Jun 24, 2026

Same sectorSame action patternSame impact area

Snyk Affected by Klue Supply Chain Data Breach

Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.