Wynn Resorts Employee Data Breached Following Extortion Threat
▼ Summary
– Wynn Resorts confirmed a hacker stole employee data after the company was listed on the ShinyHunters extortion gang’s leak site.
– The company launched an investigation and stated the attackers claimed to have deleted the stolen data, though it did not confirm if a ransom was paid.
– The breach did not impact guest operations, and the company is offering identity protection services to affected employees.
– ShinyHunters claimed to have stolen over 800,000 records containing personal information and gave a deadline before threatening to leak the data.
– ShinyHunters is a known extortion group that has recently claimed responsibility for breaches at multiple high-profile companies using tactics like phishing.
Wynn Resorts has confirmed a significant data breach involving employee information, following an extortion threat from the notorious ShinyHunters hacking group. The company stated that an unauthorized party acquired certain employee data, prompting an immediate investigation with the help of external cybersecurity experts. While operations for guests and physical properties remain unaffected, the breach has raised serious concerns about data security and corporate response to cyber threats.
Upon discovering the incident, the company activated its incident response protocols to contain the situation. In a public statement, Wynn Resorts explained that the attackers claimed to have deleted the stolen data. The organization is monitoring for any signs of the data being published or misused and is offering complimentary credit monitoring and identity protection services to its employees. The breach did not impact guest operations, ensuring that resorts and casinos continue to function normally.
The situation came to light after Wynn Resorts appeared on the ShinyHunters data leak site. The group’s post, which has since been removed, claimed possession of over 800,000 records containing personally identifiable information, including Social Security numbers and other employee data. The hackers issued a final warning for the company to make contact by February 23, 2026, threatening to leak the data and cause additional digital disruptions if their demands were not met.
Shortly after the listing appeared, it was taken down from the site. This action often indicates that negotiations are in progress or that claims are being disputed. Wynn Resorts has not disclosed whether a ransom was paid or confirmed the exact number of individuals affected. Similarly, representatives from ShinyHunters declined to comment on whether they received any payment from the company.
The hacking group previously asserted that they obtained the data from Wynn’s Oracle PeopleSoft environment, a system commonly used for human resources and financial management. ShinyHunters is well-known in cybersecurity circles for breaching organizations and demanding ransoms to prevent the publication of stolen data. Their tactics have evolved over time, targeting a wide range of companies through sophisticated methods.
In the past year, ShinyHunters executed a broad campaign aimed at stealing data from Salesforce platforms. They used social engineering techniques and compromised third-party OAuth tokens to gain access. More recently, the group has claimed responsibility for breaches affecting several high-profile companies, including Panera Bread, Betterment, SoundCloud, Canada Goose, PornHub, and the online dating giant Match Group.
Many of these incidents involved voice phishing attacks targeting single sign-on accounts at major providers like Google, Microsoft, and Okta. In these schemes, attackers impersonate IT support staff to trick employees into divulging login credentials and multi-factor authentication codes. Once they obtain this information, the hackers can hijack SSO accounts and access connected software applications.
After compromising accounts, the threat actors typically exfiltrate data from various SaaS platforms, such as Salesforce, Microsoft 365, Google Workspace, and many others. Their ability to move laterally across systems makes them particularly dangerous. The group has recently adopted device code vishing to steal Microsoft Entra authentication tokens, demonstrating their continuous adaptation of tactics to bypass security measures.
This incident underscores the persistent threat posed by cybercriminal groups specializing in data extortion. Organizations must remain vigilant, implementing robust security protocols and educating employees on recognizing phishing attempts. While Wynn Resorts works to mitigate the impact on its staff, the broader implications for data privacy and corporate cybersecurity are clear. Proactive defense and rapid response are essential in today’s digital landscape.
(Source: Bleeping Computer)
