Wynn Resorts has confirmed to CyberInsider that an unauthorized third party accessed employee data, following claims by the ShinyHunters extortion group that it had stolen hundreds of thousands of records from the Las Vegas hospitality giant.
The company says the incident did not affect guest operations and that there is no evidence of the data being published or misused.
Wynn Resorts is a major global hospitality operator headquartered in Las Vegas. The company owns and operates five integrated resorts across the United States and Asia, along with dozens of restaurants and high-end retail outlets. Its properties are known for luxury accommodations, gaming, and entertainment offerings, making the company a high-profile target for financially motivated threat actors.
In a statement sent to CyberInsider, Wynn acknowledged that “an unauthorized third party acquired certain employee data” and said it activated its incident response plan immediately upon discovery. The company engaged external cybersecurity experts to assist with a forensic investigation and containment efforts. According to Wynn, the threat actor has claimed the stolen data was deleted, and as of now, the firm has not observed signs of public leaks or abuse of the information.
The admission follows a post by the ShinyHunters cybercrime group, which last week listed Wynn on its dark web leak portal and demanded 22.34 Bitcoin, approximately $1.5 million, as a starting price to prevent the publication of the allegedly stolen files. The group set a February 23 deadline for the company to make contact, threatening to release the data and cause additional “digital problems” if its demands were not met.
ShinyHunters claimed to have accessed more than 800,000 employee records, with samples reportedly including full names, email addresses, phone numbers, job titles, salary information, start dates, dates of birth, and Social Security numbers. The group further alleged that initial access to Wynn’s systems was obtained in September 2025 by exploiting a vulnerability in Oracle PeopleSoft using an employee’s credentials.
In its statement, Wynn emphasized that the incident “has had no impact on our guest experience, our operations or our physical properties,” which remain fully operational. The company also said it is offering complimentary credit monitoring and identity protection services to all employees as a precautionary measure.
As of publication, Wynn’s name has been removed from ShinyHunters’ leak site. It is unclear whether this indicates that a resolution has been reached, that the attackers voluntarily took down the data, or that negotiations are ongoing behind the scenes.
Wynn employees should remain alert to phishing attempts and identity fraud. Affected individuals are advised to enroll in the offered credit monitoring services, review their financial statements for unauthorized activity, and consider placing a fraud alert or a credit freeze with the major credit bureaus.
Leave a Reply