We've contacted Nintendo for a comment on the BBC report, but don't have our fingers crossed as this is still an ongoing investigation. Maybe we should contact this incarcerated hacker to get Nintendo's comment, since he's apparently capable of getting all up in their infos.
Update: According to a report on El Mundo, the hacked data in question didn't come from one of the console-based services, but a website for upcoming 3DS preview events. ElOtroLado user adan_gecko discovered a vulnerability allowing any user to see or even modify the list of people who signed up for more information. He said that he reported this vulnerability to Nintendo, and this appears to be the infraction in question. Thanks to Elideb for the extra information.