Wynn Resorts Pays Off Hackers, Back to Business as Usual
A few days ago, we shared that Wynn Resorts had its employee database hacked and the culprits were demanding a $1.5 million ransom.
As we predicted, it appears Wynn Resorts has quietly paid the ransom (without confirming they did so), the hackers deleted the stolen data and it’s back to business as usual.
Disaster averted, insurance covers such business expenses and we get to say we told you so. Las Vegas loves a happy ending.
Because of the sensitivity of data breaches, it took a minute for Wynn Resorts to even acknowledge it happened.
We poked several times for comment, and received an official statement today (Feb. 24, 2026): “We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts. The unauthorized third party has stated that the stolen data has been deleted. We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused. This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business. Our guests can continue to expect the customer experience for which Wynn Resorts is known. While the investigation is ongoing, we have elected to offer complimentary credit monitoring and identity protection to all employees. The security and confidentiality of our employees, as well as our guest data, is our top priority. While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents.”
We pretty much spelled out how all this works in our previous story, based upon covering the MGM Resorts and Caesars Entertainment hacks in 2023. Caesars paid a $15 million ransom, MGM refused and it ultimately cost the company $100 million, and that doesn’t include the cost of prescription medication needed by MGM Resorts executives who had to deal with months of irate customers whose vacations were ruined as a result of system disruptions.
Boyd Gaming had a cyberattack, too. The ransom was paid in that case, too, as there was no disruption to business. It’s never been revealed how much was paid. Public companies have to submit information to the SEC about hacks, but they share as little as possible.
Private companies have no such reporting requirements, so those hacking incidents tend to go unreported. Trust us, they have happened many, many times. Casinos pay, hackers delete the data, lesson learned.
Anyway, it doesn’t take a rocket scientist to see Wynn Resorts paid the ransom, although, we may never learn how much was paid. Caesars Entertainment negotiated the ransom down from $30 million to $15 million. Yes, you can negotiate.
That’s why the hackers’ demands included a “starting price.” It’s all very fluid. Hackers are reasonable businesspersons!
Wynn Resorts, however, is unlikely to have quibbled over a paltry $1.5 million. They spend that much on fresh flowers for their high roller suites every day.
The hackers gave Wynn Resorts a Feb. 23, 2026 deadline to get in touch. Wynn Resorts did and promptly whipped out the ransom via Venmo. Or however people pay data thieves in Bitcoin these days.
To the shock of many, hackers have a sort of code of conduct, or honor among thieves. When they get paid, they actually delete the stolen data and make it so it can’t be recovered. (There are ways of confirming this, which is typically done by cybersecurity experts who are brought in to cash checks during a data incursion crisis.) Law enforcement is helpless, even at the federal level, although they sometimes catch up with the hackers months or years later.
Also predicted in our previous story: Lawsuits. It’s not bad enough a company has to deal with hackers, they have to also deal with bottom-feeding lawyers up for suing anybody with deep pockets.
Wynn Resorts has already been sued by a customer with some class action asshattery, despite the fact no customer data was breached. Lawyers don’t expect to win these cases, they expect to get paid via settlement. Their clients don’t really benefit much when all is said and done.
Kudos to Wynn Resorts for handling a painful situation with its usual class and aplomb. The company’s stock took a hit when the news about the hack broke, we trust it will recover swiftly now that the issue has been resolved with little harm being done financially or reputationally, which may or may not be an actual word.
The lesson to be learned from this saga: Never negotiate with terrorists!
And by that we mean lawyers.
Please try and keep up.
Leave your thoughts on “Wynn Resorts Pays Off Hackers, Back to Business as Usual”