Wynn Resorts, the luxury operator behind iconic Las Vegas properties like Wynn Las Vegas and Encore, has become the latest major casino company targeted in a cyberattack, highlighting the ongoing vulnerability of the gaming industry to sophisticated digital threats.
The breach, first reported on February 20, 2026, involved the cybercrime group ShinyHunters, which claimed to have stolen over 800,000 employee records. The compromised data reportedly included full names, email addresses, phone numbers, job positions, salaries, start dates, birthdays, and in some claims, Social Security numbers and other personally identifiable information. Importantly, no guest or customer data was reported stolen, and the incident did not disrupt hotel-casino operations, guest experiences, or property functions.

ShinyHunters demanded a $1.5 million ransom (approximately 22 Bitcoin at the time) and set a deadline of February 24, 2026 (Monday), threatening to publicly leak the data and cause additional “annoying digital problems” if the demand was not met. The group allegedly exploited a vulnerability in Oracle PeopleSoft using stolen employee credentials, with access possibly dating back to September 2025.
Wynn Resorts confirmed the unauthorized access in statements issued on February 24 and 25, 2026, stating: “We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts.” The company added that the hackers claimed to have deleted the stolen data, and Wynn reported no evidence of publication or misuse to date. Employees were offered free credit monitoring and identity protection services.
The attack led to immediate fallout: Wynn’s stock dropped about 6.4% on February 23, falling $7.37 to $107.25 per share amid higher trading volume. At least one federal class-action lawsuit was filed (by a California resident in U.S. District Court in Nevada), alleging negligence, privacy invasion, and inadequate cybersecurity measures—though some filings initially misstated the breach as affecting customers rather than employees. Wynn has contested claims involving customer data.
This incident fits a troubling pattern in the Las Vegas gaming sector:
- 2023: MGM Resorts International suffered a major ransomware attack (linked to groups like Scattered Spider and ALPHV/BlackCat), shutting down systems for about nine days, disabling slot machines, room keys, and other services, and costing roughly $100 million in losses. MGM refused to pay the ransom.
- 2023: Caesars Entertainment paid a $15 million ransom after a breach exposed loyalty program data via a third-party vendor.
- January 2025: Off-Strip Oyo Las Vegas was hit, exposing data of about 4,700 guests, employees, and partners (disclosed later in court filings).
- September 2025: Boyd Gaming Corp. reported a cybersecurity incident involving unauthorized access to internal IT systems and removal of employee and limited other data—no ransom or cost details were disclosed, and operations continued unaffected.

ShinyHunters has loose ties to Scattered Spider (also known as Octo Tempest), the group behind the 2023 MGM and Caesars attacks, which involved social engineering tactics like impersonating employees to gain access. Law enforcement has made arrests in those cases, including of teenagers in the U.S. and abroad, as recently as 2025.
The wave of attacks underscores rising risks for the casino industry, where vast amounts of personal and financial data make operators prime targets for extortion. Companies like Wynn had previously warned investors in SEC filings about such vulnerabilities, citing prior incidents as examples of potential operational and reputational harm.
As investigations continue, this latest breach serves as a reminder that even high-profile luxury brands remain in the crosshairs of persistent cybercriminals. Wynn maintains that business proceeds as usual, with enhanced monitoring in place.
