WHS A.I CyberSecurity Scoring
WHS
Company Information
Website:http://www.webmdhealthservices.com
Employees number:590
Number of followers:18,364
NAICS:71394
Industry Type:Wellness and Fitness Services
Homepage:webmdhealthservices.com
WHS Risk Score (AI oriented)
Between 0 and 549
WHSWellness and Fitness Services
Updated:
19/06/2026
19/06/2026
524/1000
Critical
C
WHS Global Score (TPRM)
xxxx
WHSWellness and Fitness Services
Score locked

WHSCritical
Current Score
524C (CRITICAL)
01000
5 incidents
-84.33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
526
JUNE 2026
604
Breach
15 Jun 2026 • WHS
Nintendo of America: Hacker Group Steals Nintendo Employee Data, Posts $2 Million Ransom
Nintendo Confirms Limited Data Breach via Third-Party HR Service
524
HIGH-80
NIN1781634427
Nintendo Confirms Limited Data Breach via Third-Party HR Service
Nintendo of America has acknowledged a data breach involving TinyPulse, a third-party HR platform used for internal employee surveys. The incident, first claimed by hacking group ShadowByt3$ on June 13, allegedly exposed 859MB of sensitive employee data, including full names, bank statements, employee IDs, analytics reports, and workplace feedback.
In an official statement, Nintendo confirmed that its own systems were not compromised, and no customer or financial data was accessed. The affected information was limited to internal survey content from a small subset of employees, with most data dating back several years. The company is working with TinyPulse to address the issue.
ShadowByt3$ initially demanded a response from Nintendo by June 15, a common tactic in ransomware attacks targeting third-party vendors. While the breach’s scale is smaller than previous incidents like the 2024 Pokémon Company "teraleak," the exposure of sensitive HR data raises significant concerns if verified.
Nintendo has not disclosed further details on the breach’s scope or potential impact on affected employees.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Cyber Attack
15 Jun 2026 • WHS
Nintendo: SHADOWBYT3$ Claims Breach of Nintendo, Alleges Data Theft
SHADOWBYT3$ Claims Cyberattack on Nintendo via TINYpulse HR Platform
524
CRITICAL-80
NIN1781519336
SHADOWBYT3$ Claims Cyberattack on Nintendo via TINYpulse HR Platform
The extortion-as-a-service (EaaS) group SHADOWBYT3$ has publicly claimed responsibility for a cyberattack targeting Nintendo, alleging the theft of 859 MB of sensitive employee data from the company’s use of the HR engagement platform TINYpulse. The breach, disclosed between June 12–13, 2026, includes a $2 million ransom demand, with threats to leak the data if payment is not received.
Unlike typical attacks on gaming infrastructure, SHADOWBYT3$ exploited a third-party SaaS provider TINYpulse to access employee personally identifiable information (PII), financial documents, and internal HR communications. The stolen dataset reportedly includes:
- Full employee names, email addresses, and IDs
- Bank statement PDFs and W-9 tax forms
- Engagement surveys, analytics reports, and progress plans
- Private employee sentiment data, including workplace discussions and engagement rankings (2016–2026)
The group emphasized that the breach does not impact Nintendo’s gaming operations, affecting only employees who used TINYpulse. After Nintendo declined to engage, SHADOWBYT3$ shifted its demand to TINYpulse, extending the deadline to June 16, 2026, and requesting contact via Telegram or email.
Operating under an EaaS model, the group’s strategy mirrors Ransomware-as-a-Service (RaaS), targeting supply chain vulnerabilities to maximize data exposure while minimizing detection risks. As of publication, neither Nintendo nor TINYpulse has confirmed the breach, leaving the incident unverified with an ESIX© severity score of 5.60. The attack highlights a growing trend of threat actors exploiting SaaS integrations to bypass enterprise defenses.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
706
Ransomware
13 Jun 2026 • WHS
Nintendo and TinyPulse: Nintendo, third-party program hit by cyberattack for $2M ransom
Nintendo Hit by Ransomware Attack Targeting Employee Data via Third-Party Vendor
604
CRITICAL-102
NINWEB1781720981
Nintendo Hit by Ransomware Attack Targeting Employee Data via Third-Party Vendor
Nintendo recently fell victim to a cyberattack by the hacking group ShadowByt3$, which threatened to leak stolen employee data unless a $2 million ransom was paid within two days. The breach, detected on June 13, originated through TinyPulse, a third-party HR platform used by Nintendo of America for employee feedback and performance analytics.
The attackers claimed to have exfiltrated 859 MB of sensitive data, including names, surveys, bank statements, tax forms, and other internal documents. Initially, ShadowByt3$ demanded payment by June 15 to prevent the release of the information. When no ransom was paid, the group escalated its threats on June 14, extending the deadline to June 16 and targeting TinyPulse directly a tactic known as triple extortion, where attackers pressure multiple parties connected to the victim.
Nintendo confirmed the incident in a June 15 statement, clarifying that its own systems remained uncompromised and that no customer or financial data was accessed. The exposed information was limited to internal survey content from a small subset of employees, much of it dating back several years. The company is working with TinyPulse to address the breach.
As of June 17, no further threats or negotiations have been reported, though investigations into the breach’s full impact are ongoing. Nintendo of America, headquartered in Redmond, Washington, operates as the North and South American arm of the Kyoto-based company, founded in 1889.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
706
APRIL 2026
705
MARCH 2026
704
FEBRUARY 2026
703
JANUARY 2026
702
DECEMBER 2025
701
NOVEMBER 2025
699
OCTOBER 2025
768
Breach
01 Oct 2025 • WHS
TINYpulse and Nintendo of America: Nintendo confirms third-party data incident, staff data stolen
Nintendo of America Data Breach via Third-Party Survey Provider TINYpulse
697
HIGH-71
WEBNIN1781850386
Nintendo of America Confirms Data Breach via Third-Party Survey Provider TINYpulse
Nintendo of America has acknowledged a data security incident involving TINYpulse, a third-party anonymous employee survey service owned by WebMD Health Services. The breach, attributed to the ShadowByt3$ threat group, exposed internal survey data linked to a small subset of Nintendo employees, with most of the compromised information dating back several years.
According to Nintendo, its own systems remain uncompromised, and no customer or financial data was accessed. The company is collaborating with TINYpulse to address the issue.
ShadowByt3$ claimed responsibility for the attack, alleging the theft of nearly 1GB of data, including employee personal details such as names, email addresses, bank statements, W-9 forms, progress reports, and survey analytics. The group initially demanded a $2 million ransom, giving Nintendo 48 hours to negotiate with an additional day offered if contacted. The threat actors later posted alleged leaked data, including employee conversations, suggesting Nintendo did not engage in negotiations.
Active since October 2023, ShadowByt3$ operates as an extortion-as-a-service group, leaking stolen data from non-paying victims. While it remains unclear whether ransomware was used, the group’s tactics mirror those of traditional ransomware operations, though payment does not guarantee data deletion or future security. The incident highlights risks associated with third-party service providers in corporate data security.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2025
768
AUGUST 2025
768
MAY 2020
769
Vulnerability
01 May 2020 • WHS
TinyPulse and Nintendo: Nintendo Acknowledges Employee Data at Risk After Third-Party Service Breach
Nintendo Data Breach via Third-Party Service
753
HIGH-16
NINWEB1781692782
Nintendo Confirms Data Breach via Third-Party Service, Employee Information Exposed
Nintendo has disclosed a data breach involving employee information after the extortion group ShadowByt3$ claimed to have compromised its systems. The company clarified that its own servers remained secure, but a vulnerability in TinyPulse, a third-party employee survey platform, led to the exposure.
The hackers demanded a $2 million ransom to prevent the release of sensitive data, including names, email addresses, bank records, survey responses, performance evaluations, and details on top-performing staff. While Nintendo confirmed no customer or financial data was accessed, the leaked information primarily older survey content could still pose risks.
Unlike previous high-profile breaches, such as the 2020 Gigaleak or Teraleak incidents, this incident does not involve game development assets or intellectual property. Nintendo stated it does not intend to negotiate with the extortion group and expects the data to be published online. The company is working with TinyPulse to address the issue.
The breach follows past criticism of Nintendo of America’s handling of temporary worker contracts, raising concerns about potential internal disclosures in the leaked survey data. No further details on the extent of the exposure have been released.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for WHS ??
What was WHS's A.I Rankiteo Cyber Score in June 2026 ??
What was WHS's A.I Rankiteo Cyber Score in May 2026 ??
What was WHS's A.I Rankiteo Cyber Score in April 2026 ??
What was WHS's A.I Rankiteo Cyber Score in March 2026 ??
What was WHS's A.I Rankiteo Cyber Score in February 2026 ??
What was WHS's A.I Rankiteo Cyber Score in January 2026 ??
What was WHS's A.I Rankiteo Cyber Score in December 2025 ??
What was WHS's A.I Rankiteo Cyber Score in November 2025 ??
What was WHS's A.I Rankiteo Cyber Score in October 2025 ??
What was WHS's A.I Rankiteo Cyber Score in September 2025 ??
What was WHS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on WHS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with WHS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view WHS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?