Cybercriminals have set a Monday deadline demanding a $1.5 million ransom from Wynn Resorts Ltd., threatening to release some of the 800,000 records they claim they stole from the Las Vegas-based resort company’s computers.
A hacking extortion group identifying itself as ShinyHunters reportedly contacted the company on Friday demanding payment and threatening to publicly release Wynn employees’ full names, emails, phone numbers, positions, salaries, start dates, birthdays and other personal information, The Register and other cybersecurity publications reported.
Company officials did not immediately respond to emailed questions and phone calls seeking confirmation of the threat or comment.
The company has also been confronted with a class action in connection with the ransom demand. California resident Richard Reed on Saturday filed a seven-count complaint in US District Court in Nevada against Wynn alleging negligence, gross negligence, unjust enrichment, invasion of privacy, breach of fiduciary duty and breach of implied contract, and seeking a declaratory judgment.
There is no indication that ShinyHunters had also stolen data involving Wynn guests.
The reported cyberattack is the fourth instance of cybercriminals reportedly infiltrating computerized systems belonging to major casino companies operating in Las Vegas.
In 2023, Reno-based Caesars Entertainment Inc. paid a $15 million ransom to criminals who broke into its systems in August.
MGM Resorts International’s systems were attacked in September 2023 with resort systems down for nine days, disrupting thousands of customers. Company officials said the attack ultimately cost the company $100 million.
In September 2025, Boyd Gaming Corp. reported in a notification from the Securities and Exchange Commission that it had been attacked. The company never disclosed whether it paid a ransom to the criminals or how much the data breach cost it.
In addition to these breaches, the off-Strip hotel Oyo Las Vegas reported that it was attacked in January 2025. Few details about that attack emerged when it was made public last September.
This is a development story. Check back for updates.
–
