North Pole Cyber Attack. Naughty List Leaked

St. Nicholas & Company disclosed a data breach in which hackers accessed their database.  Information leaked in the breach includes personal identifiable information for all elf employees, banking information, and the famous naughty/nice list.  

The company estimates 200 elves were affected in the breach, and the entire naughty/nice list which includes 7 billion children and parents.  

Wuvavi had an exclusive interview with one of the affected employees, Peppermint the Elf.

Peppermint said,

With the reindeer constantly sending links to cat videos, and inviting guests into the barn for eggnog, they should have expected that our information is at risk.  I’m just tired of all these reindeer games. I’m not sure why management didn’t take security more seriously.

The goal of the hack seems to be focused on obtaining private information from St. Nicholas & Company.

In a letter to stakeholders on Monday, St. Nicholas & Company Chief Executive, Kris Kringel said that they are working closely with the team at Wuvavi to better understand how the attack took place, and how to prevent similar attacks in the future.  

Wuvavi’s review shows attackers likely gained access through a malicious phishing email that offered an unnamed elf a gift card from Amazon.


A single employee clicked on a link, and this action installed a virus that quickly spread across the network.

An anonymous source suggested the Grinch was at fault, but no one has claimed responsibility for the attack.  The Grinch denied our request for an interview.

The company insists that they will move forward with Christmas as planned, and that children and parents should be confident that they are investing to protect information in the future.

St. Nicholas & Company will begin prevention by rolling out Wuvavi’s employee training and phishing platform in January.