Wynn Resorts Hit by ShinyHunters Data Breach Affecting 21,000 Staff

Post Views: 9

Wynn Resorts Data Breach: Over 21,000 Employees Impacted

In a recent disclosure, luxury hospitality and gaming company Wynn Resorts revealed that more than 21,000 employees were affected by a data breach perpetrated by the notorious ShinyHunters cybercrime group.

The Attack Details

The incident occurred in October 2025, when ShinyHunters compromised HR systems within Wynn Resorts.
The attackers stole over 800,000 records containing personally identifiable information, including Social Security Numbers (SSNs).
The company confirmed in a data breach notification filed with the Maine Attorney General’s Office that the threat actor had indeed obtained this sensitive data.

According to Wynn Resorts, “The attackers initially demanded more than 22 bitcoin (approximately $1.5 million) in exchange for not releasing the stolen data.”

The Aftermath

Cybersecurity researchers believe that the ShinyHunters operation was actually carried out by Scattered Lapsus$ Hunters, a cybercrime supergroup formed in 2025 through the merger of members from ShinyHunters, Lapsus$, and Scattered Spider. This sophisticated group has been linked to numerous high-profile attacks targeting over 100 organizations.

As a result of the breach, Wynn Resorts has taken steps to protect its employees, offering free credit monitoring and identity theft protection services to those affected. The company emphasized that the threat actor has stated that all data has been deleted, although this claim cannot be independently verified.

A Warning for Organizations

The incident serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to prioritize the protection of sensitive data.