Posted on: February 24, 2026, 09:10h.
Last updated on: February 25, 2026, 05:21h.
- Wynn Resorts has confirmed a breach affecting 800,000 employee records
- While the company hasn’t confirmed a ransom payment, they assert that the data was deleted
- The hackers have also removed their threat from their dark web site
On February 24, 2026, Wynn Resorts publicly acknowledged a significant data breach affecting a staggering 800,000 employee records. The breach was orchestrated by the notorious hacking group known as ShinyHunters, who infiltrated Wynn’s systems back in September 2025. The hackers demanded a ransom of $1.5 million in Bitcoin to prevent the potential leak of this sensitive information.
The compromised data reportedly includes critical information like full names, Social Security numbers, email addresses, phone numbers, and birth dates. A spokesperson for Wynn Resorts offered a statement acknowledging the breach but posited that the situation has been effectively managed. “The unauthorized third party has stated that the stolen data has been deleted,” the statement indicated.
While it remains unclear if any ransom was actually paid, Wynn’s assertion about the deletion of data raises questions given that ShinyHunters has successfully removed their threat against the company from their dark web platform. Cybercriminals typically don’t erase their threats or stolen data unless their demands are satisfied. Notably, the hackers had set a ransom deadline of February 23.
In communication with cybersecurity news outlet BleepingComputer, ShinyHunters refrained from commenting on whether they received any payment following the breach.
Details of the Breach
The hacking group ShinyHunters revealed that they exploited a vulnerability in Wynn’s Oracle PeopleSoft system, gaining access using the credentials of an employee in September 2025. They did not specify how they acquired these credentials, whether through social engineering tactics or direct purchase from an insider.
In response to the incident, Wynn Resorts quickly activated their incident response protocols and enlisted external cybersecurity experts to conduct a comprehensive investigation. As a precautionary measure, the company is offering affected current and former employees complimentary credit monitoring and identity protection services.
“We are monitoring closely and to date, have not seen any evidence that the data has been published or misused,” the spokesperson added. They emphasized that the incident has not disrupted services at their properties, which remain fully operational and open for business.
In a related development, California resident Richard Reed filed a federal class action lawsuit against Wynn Resorts on February 21. The lawsuit claims that the company failed to adequately protect the sensitive information of over 800,000 customers and employees. Reed’s lawsuit, which encompasses seven counts, seeks compensatory and consequential damages, asserting that the company neglected necessary security measures, such as encryption of stored data.
Even prior to the claims regarding the deletion of data, Wynn Resorts pushed back against the lawsuit, consistently asserting to media that no customer information had been compromised during the breach.
