Gaming and casino giant Wynn Resorts confirmed this week it was the victim of a data breach and attempted extortion.
The company was added to black-hat hacker group’s website last week, but its name has since been removed.
Key Takeaways
- Wynn said that its customer data was not affected.
- The hacking group removed Wynn’s name from its website after demanding about $1.5 million in bitcoin.
- An individual is suing Wynn for the breach.
Wynn confirmed the breach of private employee data in a statement, noting that customers and Wynn casinos were unaffected by the events.
“We have learned that an unauthorized third party acquired certain employee data,” the company told SecurityWeek. “Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts.”
“This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business.”
That attack appears to have been conducted by ShinyHunters, a group that is known for breaching and extorting corporations and is believed to have been active since 2019.
Wynn was added to ShinyHunters’ website late last week. The group claimed it possessed more than 800,000 employee records, which included personal information such as social security numbers.
British tech website The Register reported that the group demanded 22.34 bitcoin – about $1.5 million – to not release the information.
“This is a final warning to reach out by 23 Feb 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the hackers wrote in a message addressed to Wynn Resorts at the time.
Wynn no longer appears on the company’s website. A company statement revealed that the hackers told them they had deleted the stolen information.
Enjoying Covers content? Add us as a preferred source on your Google account
How did the attack happen?
As Wynn deals with the aftermath of the incident, it said that it is in the middle of an investigation into the attack. The casino company also said that it will offer credit monitoring and identity protection to employees whose information was compromised during the attack.
“The security and confidentiality of our employees, as well as our guest data, is our top priority,” Wynn said. “While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents.”
ShinyHunters told The Register it gained access to Wynn’s systems in September thanks to a weakness in Oracle PeopleSoft, a software that manages processes such as HR, payroll, and related systems. It did not say how it accessed Wynn’s back end.
Wynn isn’t the only company to face attacks from ShinyHunters. The group also listed Betterment, Crunchbase, Figure, Panera Bread, and SoundCloud on its website over the last few weeks.
Wynn deals with a lawsuit
In the aftermath of the attack, California resident Richard Reed submitted a class-action lawsuit against Wynn.
The suit, dated Feb. 21, claims that Wynn failed to protect the private information of 800,000 customers, in addition to employees. It alleged seven counts of failing to take the proper precautions, such as ensuring the data was encrypted when it was stored.
Reed is seeking compensatory and consequential damages. Wynn already doubled down and said that customer information was not released during the attack.
