One of the most prominent luxury casino operators in the US, Wynn Resorts, has confirmed that a cyberattack saw sensitive data exposed to hackers. BonusFinder, an online casinos comparison site, reveals all.
The breach, which occurred in 2025, follows a concerning trend for prestigious resorts – with similar incidents seen throughout this decade.
This latest theft resulted in over 800,000 private files being taken by the notorious hacking group ShinyHunters. It is believed that the stolen data is limited to employees only, and no customer information was targeted in the attack.
Not only does the raid call into question the viability of modern security systems against criminal entities, but it also generates major financial unease for those leading large-scale casino resorts.
Attack unveiled private employee records; guests unaffected
The breach was reportedly led by infamous cyber criminal organization ShinyHunters, which has overseen attacks on Microsoft, AT&T, Ticketmaster, Harvard University and Google, among others, since 2020.
It is believed that around 800,000 sensitive employee records were exposed in the attack. Wynn Resorts maintains that consumer data remained secure throughout the breach.
Specific information stolen in the cyberattack includes:
- Full names and birthdays
- Job roles, including start dates
- Salaries
- Email addresses and phone numbers
- Social Security Numbers
ShinyHunters reportedly initiated the attack in September 2025, leveraging a security weakness in Wynn's Oracle PeopleSoft system to view and subsequently steal employee records using existing legitimate login credentials.
The offending party initially celebrated its attack on Wynn Resorts by adding the operator to a list of companies successfully breached on its dark web platform. The high-end hotel's name has since been removed.
Wynn responds to attack following customer lawsuit
After a lawsuit by California resident Richard Reed alleged that Wynn Resorts failed to secure consumer data as a result of ShinyHunters' cyberattack, the Las Vegas-based firm finally addressed the matter.
Speaking to Gambling Insider via email, company Chief Communications and Brand Officer Michael Weaver outlined that although an attack had taken place, no customer data was exposed in the cyber assault:
"We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts."
It is believed that ShinyHunters demanded a ransom worth $1.5m in Bitcoin to be paid by February 24 in order to delete stolen files.
While Weaver would not disclose whether any ransom had been paid, he confirmed that ShinyHunters had removed all employee information from its internal database.
"The unauthorized third party has stated that the stolen data has been deleted. We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.
"This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business. Our guests can continue to expect the customer experience for which Wynn Resorts is known."
Reed's legal action was submitted on February 21, 2026, seeking damages for seven counts of security failures by Wynn Resorts. Among the alleged transgressions are invasion of privacy, negligence, breach of fiduciary duty and breach of implied contract.
The lawsuit currently sits with the US District Court in Nevada.
Impacted employees supported by casino operator
As employees come to terms with being impacted by an attack on personal data, Wynn Resorts has announced that it will support all staff with credit and identity protections.
"While the investigation is ongoing, we have elected to offer complimentary credit monitoring and identity protection to all employees," said Weaver.
"The security and confidentiality of our employees, as well as our guest data, is our top priority. While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents."
Cyber threat a real concern for operators
Weaver's concession that "no company can ever eliminate" the threat of a data breach points to a wider trend in the retail and online casino industry. Several gambling firms have been hit by sizable cyberattacks throughout the last decade.
Most notable is the 2023 attack on MGM and Caesars Entertainment by the international cyber criminal group, Scattered Spider.
Comprising native English speakers, Scattered Spider breached both operators' systems by contacting internal helpdesks posing as employees in a tactic known as 'social engineering'.
To obtain sensitive credentials, members of the group explained that they had forgotten or lost existing login details – using real private employee information to bypass security checks.
Public profiles, such as LinkedIn, and data available on the dark web were utilized to assemble a complete picture of an employee's personal information. This allowed criminals to impersonate staff.
Once Scattered Spider had acquired the necessary information to demand a ransom, the group contacted MGM and Caesars Entertainment.
MGM refused to meet ransom, but paid the price
Caesars agreed to pay $15m of the $30m ransom demanded, while MGM declined to engage with the criminal organization.
In turn, Scattered Spider shut down online and retail services across both brands, with one Las Vegas reporter explaining that slot machines, elevators and parking gates at an MGM venue suddenly stopped working.
This prompted a statement by MGM CEO and President Bill Hornbuckle, who revealed that service functionality did not return for up to five days:
"For the next four or five days with 36,000 hotel rooms and some regional properties, we were completely in the dark," said Hornbuckle.
Scattered Spider had set a $30m ransom on MGM's data. As a consequence of refusing to comply with the group's demands, MGM suffered estimated total losses of $100m.
MGM continued to incur further costs beyond the attack – the company agreed to pay $45m following a lawsuit tied to security failings.
As cyberattack groups become more organized and complex – and with an unpredictable AI future – operators like Wynn Resorts must proactively reinforce safeguards to protect both employees and consumers.