In the developed network society, there are more and more businesses using cyber service and

online cloud to save data and manage the daily service. On the other side of advanced
technology, cyber-attacks targeting different companies, especially the famous ones, are
increasing, with news about data breaches. Data breaches are frustrating and coming with
devastating impacts. There are generally two types of breach, consumer information breach
and one revealing company’s intellectual property or business secrets. This essay is going to talk
about ransomware which does both breaches.

According to the data collection, over 25 of the Fortune 500 companies have experienced
ransomware attack, which influence heavily on their intellectual property’s safety (Identity
Theft Resource Center, 2021). Nintendo has experienced this attack in April 2020. At the
beginning of the month, around 160000 accounts were breached (Matthews, 2020). And in the
later team, the data kidnappers, after Nintendo failed to pay the ransom demands, posted
massive amounts of proprietary data online, which also involves data prototypes. It is worth to
mention that such attack is not a one-time thing, that two other international businesses
experienced the same later.

The hackers got all the data, by using Nintendo’s legacy system, Nintendo Network ID. With no
further details provided, hackers used these IDs to get client’s accounts, with account’s financial
information including credit card numbers and PayPal credentials, and personal details. The
other lose caused by this, is that hackers using the PayPal credentials to do online purchase.
Nintendo never revealed how much was paid to make up the lose in total, however, it did cause
the company to lose a lot of clients and those potential clients. Hackers were not caught at that
time.

Nintendo chose to close the NNID services and reset all the affected user’s passwords. This
definitely was not a perfect user experience and did influence the brand image. From the IT
side, Nintendo then required two-step verification for clients’ login. But there was nothing else,
with only words saying to strengthen their security in the future.

From IT side, a lesson to learn from this is to add more penetration test and vulnerability test,
as Nintendo’s issue caused by the old system which is an invisible missing point in every
company. Secondly, company should also emphasize the importance of multi-factor
authentication, which can reduce the possibility that hackers can get access to the systems with
only one password. Finally, the protection method should be reviewed at a regular base, as the
cyber technology is improving and hackers can also identify new ways to get into the systems.
No solution can be effective forever.
Reference:
Identity Theft Resource Center. (2021, December 7). Companies Attacked by Ransomware
Increase as Hackers Find Value in Company Secrets. ITRC. Retrieved January 30, 2022, from
https://www.idtheftcenter.org/post/companies-attacked-by-ransomware-increase-as-hackers-
find-value-in-company-secrets/
Matthews, K. (2020, May 1). Incident of the Week: Nintendo Investigating 160,000 Account
Breaches. Cyber Security Hub. Retrieved January 30, 2022, from
https://www.cshub.com/attacks/articles/incident-of-the-week-nintendo-investigating-160000-
account-breaches