The Wynn Resorts may have been the subject of a far-reaching data breach, resulting in the loss of 800,000 internal records.
Wynn Resorts Faces New Threat from Hacking Group
According to a specialist media publication, which interviewed the perpetrators, The Register, the ShinyHunters hacking collective is now demanding $1.5 million in Bitcoin to prevent a leak.
The information obtained by the hackers includes social security numbers, email addresses, phone numbers, salaries, birth dates, job titles, and more, affecting present and former Wynn employees.
The ShinyHunters spoke to the publication and said that the breach took place in September 2025 and involved a weakness in the Oracle PeopleSoft solution, which was exploited with the help of an employee’s credentials.
The group did not specify whether it had hacked the employee or used social engineering to obtain the details.
Social engineering is a form of impersonation that hackers have been increasingly successful at using, resetting passwords while pretending to be the original account holder.
Threats Faced by the Industry Continue to Multiply
It has been known to work in other large-scale hacking cases, particularly against the gambling industry and specifically the methods used by the Scattered Spider hacking collective in their attacks on MGM Resorts and Caesars Entertainment. Some of the perpetrators were in their teens when the attacks occurred.
ShinyHunters have been known to leverage such practices through vishing – voice phishing to impersonate IT staff and track employees.
Wynn must now choose how to respond, with the hacking collective planning to also enact further chaos on the company in the form of “several other annoying problems” should it refuse to pay.
