Station Casinos has confirmed a cybersecurity incident after filing a data breach notice with regulators, making it the latest casino operator in Las Vegas to report a system intrusion tied to unauthorized access.

The Las Vegas-based gaming company disclosed the breach in a filing submitted to the Maine Attorney General’s Office. According to the notice, the incident took place on March 5, 2026, and the company identified the unauthorized activity on the same day. Consumer notifications began on May 21, 2026.

At this stage, Station Casinos has not revealed the full extent of the breach or identified which internal systems may have been affected. The company also has not confirmed the total number of individuals impacted by the incident.

Regulatory documents stated that at least one Maine resident was affected by the breach. Additional details regarding the overall scope remain unavailable.

Company Investigates Potential Data Exposure

Station Casinos said the breach involved unauthorized access carried out by an external threat actor. Information disclosed in filings indicates that names were among the confirmed data elements exposed during the incident. The company also warned that additional personal information may have been compromised.

Potentially exposed information could include Social Security numbers, financial account details, payment card information, dates of birth, email addresses, phone numbers and driver’s license numbers.

The company began notifying affected individuals through written correspondence on May 21. Station Casinos also advised anyone who believes they may have been affected, but has not received notification, to contact the company directly for additional information.

Cybernews reported that it contacted the casino operator seeking further comment regarding the breach, though no response had been received at the time of publication.

Station Casinos operates several well-known casino and resort properties across the Las Vegas Valley through its parent company, Red Rock Resorts. Its portfolio includes Red Rock Casino Resort Spa, Green Valley Ranch Resort Spa Casino, Palace Station Hotel & Casino, Boulder Station, Sunset Station and Durango Casino & Resort.

Red Rock Resorts has reported more than $2 billion in revenue.

Prior Technical Disruptions Resurface

Although Station Casinos has not previously disclosed any major cybersecurity breaches publicly, reports of technical disruptions involving company systems have surfaced in the past.

In August 2025, Reddit users discussed outages allegedly affecting slot machines and ATM operations at some Station Casinos properties. One post stated, “Red Rocks casino is currently down, along with the ATMs.” The same post added, “This is ongoing, and it may relate to all Station Casinos.”

No cybersecurity incident was confirmed at the time, leaving uncertainty over whether the reported outages stemmed from technical problems or another issue.

The company also experienced operational disruption in 2024 during the widespread CrowdStrike outage that affected approximately 8.5 million Windows devices globally.

Casinos Continue to Face Cybersecurity Threats

The breach at Station Casinos adds to a growing number of cyber incidents involving gambling and hospitality operators in recent years, particularly in Las Vegas.

In 2023, MGM Resorts and Caesars Entertainment were targeted in ransomware attacks linked to the Scattered Spider and ALPHV groups. Those attacks disrupted casino operations across Las Vegas, with MGM reportedly sustaining losses exceeding $100 million.

Boyd Gaming later disclosed a separate cyberattack in 2025 that involved the theft of employee information, including Social Security numbers. The incident led to legal action filed by employees against the company.

Cybersecurity concerns also expanded beyond Las Vegas properties. In 2025, the Anubis ransomware group claimed responsibility for breaching the Catawba Two Kings Casino project, reportedly stealing architectural plans that included details related to security systems and the casino vault.

DraftKings also disclosed a credential-stuffing attack that allowed unauthorized access to customer accounts and sensitive personal information.

More recently, ShinyHunters claimed to have stolen 800,000 records from Wynn Resorts in 2026 and threatened to publish the data. Wynn later confirmed the breach and stated that the stolen information had not been released publicly. Reports published in April 2026 indicated that more than 21,000 employees had been affected by the incident. Company statements also suggested that a ransom payment was likely made to the attackers.