Representatives of Wynn Resorts Ltd. has remained tight-lipped about a data security breach reported Friday and whether executives paid a $1.5 million ransom demanded by a suspected team of hackers.
The hacking extortion group calling itself ShinyHunters had set a deadline for payment on Monday and threatened to release all or some of the 800,000 files it allegedly stole from the company that contained the full names, emails, phone numbers, job titles, salaries, start dates, birthdays and other personal information of Wynn Resorts employees, according to published reports.
It is unclear whether Wynn officials paid the ransom and how they are cooperating with federal authorities investigating the breach. The company did not respond to requests from the Review Journal Monday or Tuesday.
But the company acknowledged more than a month ago that it could be vulnerable to cyberattacks just like those that occurred in 2023 and 2025 against Caesars Entertainment Inc., MGM Resorts International and Boyd Gaming Corp.
SEC Filing
In a December 2024 Securities and Exchange Commission filing, Wynn officials indicated they could be attacked despite the efforts the company has made to protect itself.
In its 2024 annual report, published with the SEC on December 31, 2024, the company warned of potential security breaches as one of the company’s financial risks.
“Despite the security measures we currently have in place, our facilities and systems and those of our third-party information systems providers may be vulnerable to security breaches, vandalism, phishing attacks, computer viruses, worms, ransomware, malware, misplaced or lost data, programming or human error and other events,” the filing said. “Cyber attacks are increasingly difficult to predict, prevent and detect due to their rapidly evolving nature and as a result the technology we use to protect our systems from being breached or compromised may become obsolete due to advances in computing capabilities or other technological developments.”
The report acknowledged previous violations, but none that significantly affected the company’s finances.
“We have experienced data security incidents in the past and expect to experience additional incidents in the future, but to date no such incidents have been material to our business, results of operations or financial condition,” the SEC filing said.
“Any future perceived or actual electronic or physical security breach involving the misappropriation, loss or other unauthorized disclosure of confidential or personally identifiable information, including the penetration of our network security, whether by us or by a third-party information system service provider, could disrupt our business, damage our reputation and our relationships with our customers or employees, expose us to fines, penalties and fines, and lead to the loss of our customers’ and employees’ trust in us deteriorates, and negatively affects our operations, operating results and financial position.”
As threats evolve, Wynn said in the SEC filing that the company “may find it necessary to make significant additional investments to protect data and our infrastructure, including implementing new computer systems or upgrades to existing systems, deploying additional personnel and security-related technology, engaging third-party consultants and training employees.”
This is a development story. Check back for updates.
–
