Cyberhackers Claim Wynn Resorts Breach, Demand $1.5Million to Stop Data Leak

Posted on: February 20, 2026, 03:20h. 

Last updated on: February 20, 2026, 03:20h.

Corey Levitan Read More
Expertise: Commercial Gaming, Entertainment, Expert Insight, Las Vegas, Restaurants, Vegas Myths Busted.
  • Hackers demand $1.5 million in Bitcoin after claiming to steal 800,000 internal Wynn Resorts employee records
  • The stolen data contains sensitive personal information including Social Security numbers, salaries, and birth dates
  • The extortionists used an Oracle vulnerability and vishing tactics to compromise Wynn’s internal systems

A prolific data‑theft and extortion gang claims to have stolen 800,000 internal records from Wynn Resorts and wants at least $1.5 million in Bitcoin to prevent a leak, according to The Register.

Wynn Las Vegas, Chinese underground banking, money laundering, casinos, cartel cash
A cyberhacker gang has claimed to have stolen personal information from thousands of current and former employees of Wynn Resorts. (Image: Shutterstock)

The records reportedly include the full names, Social Security numbers, email addresses, phone numbers, job titles, salaries, start dates and birthdays of current and former Wynn employees.

The hacking crew, known as ShinyHunters, posted Wynn’s name on its leak site last week and is

Wynn Resorts, which operates major luxury properties in Las Vegas and Macau, has not confirmed the breach and did not respond to inquiries from multiple outlets.

A stock representation of a cyberhacker. (Image: Shutterstock)

ShinyHunters told The Register that it gained access to Wynn’s systems in September 2025 by exploiting an Oracle PeopleSoft vulnerability using an employee’s credentials. The group did not specify whether those credentials were stolen through social engineering or purchased from an insider.

ShinyHunters has increasingly relied on voice phishing, or “vishing,” to impersonate IT staff and trick employees into surrendering login credentials and multi‑factor authentication codes. This method mirrors the tactics used by Scattered Spider, the group responsible for the 2023 cyberattacks on MGM Resorts and Caesars Entertainment, which resulted in ransomware deployment, operational disruptions, and the theft of tens of thousands of customer records.

Multiple arrests followed in the US and UK, including the 2025 detention of a Las Vegas teenager linked to the casino hacks.

ShinyHunters, Scattered Spider, and the hacking collective LAPSUS$ are now believed to operate under a loose co-branded extortion identity sometimes referred to as Scattered LAPSUS$ Hunters. Cybersecurity researchers emphasize that this is not a formal merger but a fluid collaboration among threat clusters that share infrastructure and techniques.

In addition to leaking its data, ShinyHunters has also threated Wynn Resorts with “several annoying problems that’ll come your way” if the company refuses to comply by deadline.

Wynn Resorts has not publicly confirmed the breach or responded to inquiries from multiple outlets.