Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack

Summary

Wynn Resorts disclosed a data breach affecting 21,775 employees after the ShinyHunters cybercrime group claimed to have stolen over 800,000 records containing personally identifiable information and SSNs. The attack occurred in October 2025 targeting HR systems, and ShinyHunters' removal of Wynn from their leak site suggests the company likely paid a ransom of approximately $1.5 million in Bitcoin. Researchers attribute the operation to Scattered Lapsus$ Hunters, a supergroup formed from merged members of ShinyHunters, Lapsus$, and Scattered Spider.

Full text

High-end casino and hotel operator Wynn Resorts says more than 21,000 individuals are affected by the recently disclosed data breach. Wynn Resorts confirmed in late February that hackers had obtained employee data. The admission came after the notorious ShinyHunters cybercrime group claimed to have stolen more than 800,000 records containing personally identifiable information, including SSNs. Wynn Resorts data breach The hackers later removed Wynn from their leak website. This suggested that it had decided to pay a ransom, but the Las Vegas-based company declined to comment when contacted by SecurityWeek at the time. In a data breach notification filed in recent days with the Maine Attorney General’s Office, Wynn shared more details on the incident. “The threat actor has stated that all data has been deleted,” Wynn said in its notification to impacted individuals, which further reinforces the theory that a ransom has likely been paid. The hackers had reportedly sought a ransom of more than 22 bitcoin (roughly $1.5 million). Advertisement. Scroll to continue reading. The notification reveals that the attack occurred in October 2025 and targeted HR systems. The intrusion was likely part of a major ShinyHunters campaign that targeted over 100 organizations. While ShinyHunters has publicly claimed responsibility for the attacks, cybersecurity researchers believe the operation was carried out by Scattered Lapsus$ Hunters, a cybercrime supergroup formed in 2025 through the merger of members from ShinyHunters, Lapsus$, and Scattered Spider. The luxury hospitality and gaming company told the Maine AGO that the incident has impacted 21,775 employees. Affected individuals are being offered free credit monitoring and identity theft protection services. Related: T-Mobile Sets the Record Straight on Latest Data Breach Filing Related: Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign Related: European Commission Reports Cyber Intrusion and Data Theft Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs T-Mobile Sets the Record Straight on Latest Data Breach FilingApple Rolls Out DarkSword Exploit Protection to More DevicesCybersecurity M&A Roundup: 38 Deals Announced in March 2026Toy Giant Hasbro Hit by CyberattackExploited Zero-Day Among 21 Vulnerabilities Patched in ChromeFBI Warns of Data Security Risks From China-Made Mobile AppsGoogle Addresses Vertex Security Issues After Researchers Weaponize AI AgentsCensys Raises $70 Million for Internet Intelligence Platform Latest News Google DeepMind Researchers Map Web Attacks Against AI AgentsGuardarian Users Targeted With Malicious Strapi NPM PackagesNorth Korean Hackers Target High-Profile Node.js MaintainersFortinet Rushes Emergency Fixes for Exploited Zero-DayEuropean Commission Confirms Data Breach Linked to Trivy Supply Chain AttackTrueConf Zero-Day Exploited in Asian Government AttacksIn Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by RansomwareCritical ShareFile Flaws Lead to Unauthenticated RCE Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveScott Goree has been appointed Senior Vice President of Channel and Alliances at Delinea.Kai has named Nick Degnan as Chief Revenue Officer.Joe Sullivan has been appointed Strategic Advisor at cloud security firm Upwind.More People On The MoveExpert Insights The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Flipboard Reddit Whatsapp Whatsapp Email

Entities