Wynn Resorts Confirms Cyberattack & Extortion Threat, Claims Data Deleted

Posted on: February 24, 2026, 09:10h. 

Last updated on: February 24, 2026, 09:10h.

Corey Levitan Read More
Expertise: Commercial Gaming, Entertainment, Expert Insight, Las Vegas, Restaurants, Vegas Myths Busted.
  • Wynn Resorts has confirmed a breach of 800,000 employee records stolen by hackers
  • While a ransom payment remains unconfirmed, Wynn claims they were told the data was deleted
  • The hackers also removed their threat to Wynn from their dark web site

Wynn Resorts on Tuesday confirmed the massive data breach and extortion attempt reported by multiple media outlets. In September 2025, a prolific data-theft and extortion gang called ShinyHunters stole 800,000 employee records from the gaming giant and demanded $1.5 million in Bitcoin to prevent a leak.

Wynn Las Vegas
Wynn Las Vegas. Operator Wynn Resorts is selling $800 million in debt. Some of the proceeds will be used to pay a fine to the Department of Justice. (Image: Wynn Resorts)

The data reportedly included full names, Social Security numbers, email addresses, phone numbers, and birthdays.

A statement from a Wynn spokesperson on Tuesday, Feb. 24, admitted the breach but claimed the problem was addressed.

“The unauthorized third party has stated that the stolen data has been deleted,” it read.

Though the statement didn’t indicate whether any ransom was paid, there is almost no other conclusion that can be drawn. In addition to Wynn’s claim about the deleted data, ShinyHunters removed its threat against the company from its dark web site.

Cybercriminals aren’t known for deleting their extortion threats, or their stolen data, unless their demands are met. (The deadline set by ShinyHunters for the ransom payment was Monday, Feb. 23.)

ShinyHunters told the cybersecurity news site BleepingComputer that they also had no comment on whether they received a payment.

How It Happened

ShinyHunters, which listed Wynn Resorts on its dark web leak site last Thursday, told British tech website The Register that it gained access to Wynn’s systems in September 2025 by exploiting an Oracle PeopleSoft vulnerability using an employee’s credentials. The group did not specify whether those credentials were stolen through social engineering or purchased from an insider.

“Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts,” Wynn’s statement said.

As a precaution, it is offering complimentary credit monitoring and identity protection services to all affected current and former employees.

“We are monitoring and to date, have not seen any evidence that the data has been published or otherwise misused,” Wynn’s statement continued, adding that the incident “has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business.”

In related news, California resident Richard Reed filed a federal class action lawsuit against Wynn Resorts on Feb. 21, alleging that the casino failed to protect the information of more than 800,000 customers as well as employees.  

Reed’s lawsuit seeks compensatory and consequential damages, bringing seven counts against Wynn for failing to take security measures, such as storing the data without encryption.

Even before announcing the hacker’s claimed deletion of the data, Wynn pushed back on the lawsuit, telling favored media outlets that no customer information had been accessed.