Wynn Resorts confirms employee data breach after ShinyHunters leak site listing

Wynn Resorts confirmed that a hacker accessed and stole employee data from its systems after the company appeared on the ShinyHunters extortion group’s data leak site, prompting an internal investigation and engagement with external cybersecurity experts.

The Las Vegas-based Wynn Resorts said it activated its incident response procedures upon discovering the breach and launched a comprehensive review of the incident.

The company acknowledged that “an unauthorized third party acquired certain employee data.” It stated that it immediately initiated its response protocols and began a thorough investigation with outside cybersecurity specialists.

Wynn said the unauthorized party claimed the stolen data had been deleted. The company reported that it is monitoring the situation and has not identified any evidence that the information has been published or otherwise misused. Wynn did not disclose how many individuals were affected and did not address whether a ransom was paid.

The company emphasized that the incident did not disrupt guest operations or impact its physical casino and resort properties, which remain fully operational. Wynn is offering complimentary credit monitoring and identity protection services to affected employees.

The confirmation followed Wynn Resorts’ appearance Thursday on the leak site operated by the ShinyHunters data extortion group. In a post that was later removed, the attackers claimed to have obtained more than 800,000 records containing personally identifiable information, including Social Security numbers and employee data. The post warned the company to make contact by Feb. 23, 2026, or the data would be released.

Shortly after the warning, Wynn’s listing was removed from the site, a development commonly associated with ongoing negotiations or disputed claims.

ShinyHunters is known for breaching organizations and threatening to publish stolen data unless payment demands are met. The group has operated across multiple underground forums and extortion portals and has claimed responsibility for numerous high-profile data theft incidents.

In the past year, ShinyHunters conducted a broad campaign targeting companies’ Salesforce environments through social engineering and the abuse of stolen third-party OAuth tokens. The group has recently claimed breaches involving Panera Bread, Betterment, SoundCloud, Canada Goose, Pornhub and Match Group.