Cybercriminals Assert Breach of Wynn Resorts, Request $1.5 Million to Prevent Data Leak

By Blog


Date of Posting: February 20, 2026, 03:20h.

Last Updated: February 20, 2026, 03:20h.

  • Cybercriminals demand a ransom of $1.5 million in Bitcoin after allegedly acquiring 800,000 internal records from Wynn Resorts
  • The breached data includes highly sensitive personal details such as Social Security numbers, salaries, and birthdates
  • The hackers exploited an Oracle vulnerability and used vishing tactics to infiltrate Wynn’s internal networks

A notorious data theft and extortion group claims to have compromised 800,000 internal records belonging to Wynn Resorts, demanding at least $1.5 million in Bitcoin to prevent exposure, as reported by The Register.

Wynn Las Vegas, Russian underground banking, money laundering, casinos, cartel cash
A cybercrime group has reportedly stolen personal data of numerous current and former Wynn Resorts employees. (Image: Shutterstock)

The stolen records allegedly include full names, Social Security numbers, email addresses, phone numbers, job titles, salaries, hire dates, and birthdays of both current and past Wynn employees.

The hacking group, identified as ShinyHunters, listed Wynn’s name on their leak site last week.

Wynn Resorts, which manages prominent luxury establishments in Las Vegas and Macau, has so far not verified the breach and has remained unresponsive to inquiries from various media outlets.

A graphic representation of a cyber hacker. (Image: Shutterstock)

ShinyHunters informed The Register that they gained entry into Wynn’s systems in September 2025 by exploiting a vulnerability in Oracle PeopleSoft using an employee’s credentials. The group hasn’t clarified whether these credentials were obtained via social engineering or bought from an insider.

ShinyHunters has increasingly turned to voice phishing, or “vishing,” to impersonate IT personnel and deceive employees into divulging login credentials and multi-factor authentication codes. This tactic is similar to that employed by Scattered Spider, the group implicated in the 2023 cyberattacks on MGM Resorts and Caesars Entertainment, which resulted in ransomware attacks, operational disruptions, and the theft of vast amounts of customer data.

Following these incidents, several arrests were made in the US and UK, including the 2025 apprehension of a teenager in Las Vegas connected to the casino hacks.

ShinyHunters, Scattered Spider, and the hacktivist group LAPSUS$ are now believed to be cooperating under a loosely affiliated extortion brand sometimes referred to as Scattered LAPSUS$ Hunters. Cybersecurity experts underscore that this does not constitute a formal merger but represents a collaborative effort among threat groups sharing infrastructure and methodologies.

In addition to leaking their data, ShinyHunters has warned Wynn Resorts of “several annoying issues” that will arise if the company does not comply with their demands by the specified deadline.

As it stands, Wynn Resorts has neither publicly acknowledged the breach nor responded to inquiries from multiple media channels.



Source link