Nintendo confirms data stolen in WebMD subsidiary cyberattack
Summary
Nintendo has confirmed that a cyberattack on its vendor, TinyPulse, resulted in the theft of survey data. Nintendo's own systems were not breached, but data collected through TinyPulse, including employee survey responses, was accessed by threat actors. The stolen information contained personally identifiable information (PII) of Nintendo employees.
IFF Assessment
This event represents a data breach where employee PII was compromised, negatively impacting defenders and individuals.
Defender Context
This incident highlights the risk associated with third-party vendors. Organizations must ensure their vendors have robust security controls and conduct thorough due diligence to prevent supply chain attacks. Defenders should also be aware of potential data exfiltration vectors through seemingly innocuous survey tools.