Wynn Resorts Ltd. has confirmed a cyber incident that compromised employee data, initially reported by local outlets on Friday. The company revealed that an unauthorized party accessed specific employee details during a cyberattack, although they noted that the attackers claimed the stolen data has been erased, with no current evidence of any harmful use.

The Las Vegas-based casino titan has not revealed if it paid the $1.5 million ransom reportedly demanded by the hacking group ShinyHunters, which asserted that it obtained 800,000 files containing employee information.

In a statement shared via email, Wynn representatives stated: “We discovered that an unauthorized third party obtained certain employee data. Immediately upon learning of this breach, we activated our incident response protocols and began a comprehensive review with external cybersecurity professionals.”

The correspondence further indicated that the unauthorized third party “has asserted that the stolen data has been removed. We are continuously monitoring the situation and have yet to find any evidence that the information has been disclosed or misused in any manner.”

Wynn confirmed that this incident has not affected guest services or operations, stating that all seven of its resorts continue to function normally.

“Guests can maintain the high-level service expected from Wynn Resorts,” the statement emphasized. “While our investigation is ongoing, we have decided to provide free credit monitoring and identity protection for all employees.”

“The security and privacy of our employees, and our guests’ data, is our highest priority. While it is impossible for any business to completely eliminate the risks associated with cyber threats, we are taking necessary actions and collaborating with top-tier external IT consultants to enhance our defenses against future incidents.”

A potential class-action lawsuit has been initiated by a customer worried about the possibility of personal information exposure, although there is no indication that customer data was included in the breach.

In a filing with the U.S. Securities and Exchange Commission in December 2024, Wynn had already indicated potential vulnerabilities to cyber threats despite existing security protocols.

“Despite our current security measures, the systems and facilities we operate, along with those of our third-party data service providers, could be susceptible to breaches, acts of vandalism, phishing attempts, malware, ransomware, and other related incidents,” the filing stated.

“Cyber threats are becoming increasingly complex and harder to predict, prevent, and identify, making it crucial to update the technology we rely on to safeguard our systems from breaches or compromises.”

The company has acknowledged prior breaches but confirmed that none have significantly impacted its financial status.

“We have faced data security breaches previously and anticipate experiencing more in the future; however, none of these have been material to our business, performance metrics, or financial standing,” the filing explained.

The company also noted it “may need to make substantial additional investments in data protection and infrastructure, including new system implementations, upgrades to existing systems, increased staffing, protective technologies, engaging consultants, and staff training,” as reported by the Las Vegas Review-Journal.

Shares of Wynn, listed on Nasdaq, experienced a 6.4% drop on Monday but rebounded by 2% on Tuesday, closing at $109.44.