Cyberhackers Claim Wynn Resorts Breach, Demand $1.5Million to Stop Data Leak

  • Hackers demand $1.5 million in Bitcoin after claiming to steal 800,000 internal Wynn Resorts employee records
  • The stolen data contains sensitive personal information including Social Security numbers, salaries, and birth dates
  • The extortionists used an Oracle vulnerability and vishing tactics to compromise Wynn’s internal systems

A prolific data‑theft and extortion gang claims to have stolen 800,000 internal records from Wynn Resorts and wants at least $1.5 million in Bitcoin to prevent a leak, according to The Register.

Wynn Las Vegas, Chinese underground banking, money laundering, casinos, cartel cash
A cyberhacker gang has claimed to have stolen personal information from thousands of current and former employees of Wynn Resorts. (Image: Shutterstock)

The records reportedly include the full names, Social Security numbers, email addresses, phone numbers, job titles, salaries, start dates and birthdays of current and former Wynn employees.

The hacking crew, known as ShinyHunters, posted Wynn’s name on its leak site last week and is

Wynn Resorts, which operates major luxury properties in Las Vegas and Macau, has not confirmed the breach and did not respond to inquiries from multiple outlets.

A stock representation of a cyberhacker. (Image: Shutterstock)

ShinyHunters told The Register that it gained access to Wynn’s systems in September 2025 by exploiting an Oracle PeopleSoft vulnerability using an employee’s credentials. The group did not specify whether those credentials were stolen through social engineering or purchased from an insider.

ShinyHunters has increasingly relied on voice phishing, or “vishing,” to impersonate IT staff and trick employees into surrendering login credentials and multi‑factor authentication codes. This method mirrors the tactics used by Scattered Spider, the group responsible for the 2023 cyberattacks on MGM Resorts and Caesars Entertainment, which resulted in ransomware deployment, operational disruptions, and the theft of tens of thousands of customer records.

Multiple arrests followed in the US and UK, including the 2025 detention of a Las Vegas teenager linked to the casino hacks.

ShinyHunters, Scattered Spider, and the hacking collective LAPSUS$ are now believed to operate under a loose co-branded extortion identity sometimes referred to as Scattered LAPSUS$ Hunters. Cybersecurity researchers emphasize that this is not a formal merger but a fluid collaboration among threat clusters that share infrastructure and techniques.

In addition to leaking its data, ShinyHunters has also threated Wynn Resorts with “several annoying problems that’ll come your way” if the company refuses to comply by deadline.

Wynn Resorts has not publicly confirmed the breach or responded to inquiries from multiple outlets.

 

Corey Levitan joined Casino.org in 2022 after a long career covering Las Vegas. He currently covers entertainment, dining and gaming news in Las Vegas.

Corey spent six years covering the Vegas Strip for the Las Vegas Review-Journal, where he also wrote the most popular humor column in the city’s history. (For “Fear and Loafing,” he tried out 176 Vegas jobs, including poker player, blackjack dealer and Follie Bergere dancer.)

Corey has won more than 100 local, state and national awards for his journalism, which has also appeared in Rolling Stone, New York Magazine and the New York Post.

Corey is a New York native whose hobbies include playing guitar, trying to be a better husband, and arguing with strangers on Facebook.

Contact Corey at corey@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.