The attack, which was reportedly carried out by the hacking group ShinyHunters, led to the theft of sensitive information, including names, phone numbers, and other private details of employees. The cybercriminals demanded a ransom of approximately $1.5 million in Bitcoin for the stolen data. In a statement, Wynn confirmed that the unauthorized third party had since claimed to have deleted the stolen data, and the company has not observed any signs of misuse or public disclosure.

Company’s Response to the Breach

Despite the severity of the breach, Wynn Resorts stressed that the attack had no effect on its guest experience or operations. According to the company, all its properties remained fully operational. Weaver explained, “This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business.”

In response to the breach, Wynn Resorts has offered affected employees complimentary credit monitoring and identity protection services, aiming to mitigate the potential risks from the breach. The company is also working with cybersecurity experts to bolster its systems and prevent future incidents.

Wynn Resorts has made it clear that the breach targeted employee data, not customer information. However, a class-action lawsuit filed by a customer raises doubts, alleging that the breach also involved the exposure of customer data. Richard Reed, the lead plaintiff, claims that Wynn’s failure to protect sensitive personal information led to the breach. The lawsuit follows a blog post from ShinyHunters that suggested over 800,000 customer records, including social security numbers, were stolen.

ShinyHunters Group and the Breach

ShinyHunters is a well-known hacking group that has previously targeted multiple industries, including entertainment and retail. This recent breach marks another incident in a growing trend of cyberattacks against major gaming companies. In 2023, MGM Resorts and Caesars Entertainment were both victims of significant data breaches, highlighting the vulnerability of the industry to cybercriminals.

As reported by GGRAsia, the hackers have claimed that the data has been deleted. “We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused,” Weaver stated. However, the company did not confirm whether the hackers had received the ransom payment.

While the company focuses on preventing future breaches, questions about the adequacy of its response remain. The class-action lawsuit filed by Reed argues that Wynn Resorts failed to properly protect customer data, which may have contributed to the breach. Despite these allegations, the company maintains that only employee information was involved in the breach.

The lawsuit adds to the legal pressure facing Wynn Resorts, which has already dealt with multiple cybersecurity threats. In its 2024 Securities and Exchange Commission filing, Wynn acknowledged the growing risk of cyberattacks and warned that its systems might still be vulnerable to future breaches. The company has pledged to invest in stronger data protection measures to safeguard against evolving threats.

The incident also highlights the increasing regulatory scrutiny of data security in the gaming industry. Companies in the sector must now navigate both the reputational risks and financial consequences of such breaches, which may include costly settlements, fines, and damage to their public image.