Las Vegas-based high-end casino and hotel operator Wynn Resorts has confirmed that hackers have stolen employee data.
“We have learned that an unauthorized third party acquired certain employee data,” the company told SecurityWeek. “Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts.”
“This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business,” it added.
Wynn Resorts was added to the ShinyHunters data leak website on February 20, when the hackers claimed to have stolen more than 800,000 records containing personally identifiable information (including SSNs) and employee data.
“This is a final warning to reach out by 24 Feb 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the hackers said in a message addressed to Wynn Resorts at the time.
Wynn Resorts has since been removed from the ShinyHunters website and the company’s statement suggests a ransom may have been paid.
“The unauthorized third party has stated that the stolen data has been deleted,” the company said in an emailed statement. “We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.”
SecurityWeek has asked Wynn for confirmation that a ransom has indeed been paid, but the company declined to comment.
The Register previously reported that the cybercrime group had demanded a ransom of 22.34 bitcoin (roughly $1.5 million).
The luxury hospitality and gaming company said its investigation is ongoing, but it has decided to offer credit monitoring and identity protection services to affected employees.
“The security and confidentiality of our employees, as well as our guest data, is our top priority,” Wynn said. “While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents.”
The ShinyHunters group is believed to have targeted more than 100 organizations in recent campaigns, which often involve vishing and compromised SSO credentials.
The cybercriminals have named several major companies on their leak site in recent weeks, including Figure, Betterment, Crunchbase, SoundCloud, and Panera Bread.
Related: Ad Tech Company Optimizely Targeted in Cyberattack
Related: Ransomware Groups May Pivot Back to Encryption as Data Theft Tactics Falter
