There's new information on the recent cyber attack on Wynn Resorts, one of Las Vegas's high-end casino and hotel operators.
Hackers stole employee data but have now reportedly deleted it.
“The unauthorized third party has stated that the stolen data has been deleted,” the company said in a statement. “We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.”
This incident has brought attention to the increasing threat of cyber attacks on large companies, including the one suffered by Boyd Gaming in the fall.
Nevada's state computer systems were also hit by a major ransomware attack last year, and another incident shut down the Jackpot Junction Casino in Minnesota in April.
Tribal casino leaders recently held a cybersecurity summit to look for ways to combat such attacks.
What Happened?
On February 20, the cybercrime group ShinyHunters claimed to have stolen over 800,000 records of employee data from Wynn Resorts.
This sensitive information included full names, emails, phone numbers, job positions, salaries, start dates, birthdays, and potentially Social Security numbers.
To prevent the data from being leaked, the hackers demanded a ransom of approximately $1.5 million, payable in Bitcoin, with a deadline set for February 24, 2026.
“This is a final warning to reach out by 24 Feb 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the hackers said in a message addressed to Wynn Resorts at the time.
Wynn Resorts Responds
In response, Wynn Resorts quickly activated its incident response protocols and began a thorough investigation with the help of external cybersecurity experts. In the statement, they confirmed the data breach but emphasized that there was no impact on their guest services or operations, which remain fully functional.
“The security and confidentiality of our employees, as well as our guest data, is our top priority,” Wynn said. “While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents.”
As of now, there is no evidence that the data has been published or misused, although the company continues to monitor the situation closely.
While Wynn Resorts has not publicly confirmed or denied paying the ransom, its removal from ShinyHunters' leak site, coupled with reports that the data was deleted, has led to speculation that a payment might have been made to resolve the extortion.
Impact of the Cyber Attack
The data breach appears to be limited to employee information from HR systems, with no customer or operational systems affected. In light of the attack, Wynn Resorts is offering credit monitoring to affected employees to help protect their identities.
Additionally, a federal class-action lawsuit has been filed, alleging negligence in securing employee data. Meanwhile, Wynn Resorts experienced an initial 6% drop in their stock value, though there has been some recovery since the news broke.
Lessons from the Incident
This cyber attack highlights a common pattern used by groups like ShinyHunters, where victims are listed publicly to pressure them into making payments.
It underscores the importance of strong cybersecurity measures to protect sensitive information. Wynn Resorts' response and ongoing monitoring reflect the critical role of incident response protocols in managing such situations effectively.
In today’s digital world, cyber attacks are a real threat, and companies must remain vigilant to protect their data and their reputation.
