Wynn Resorts Confirms the Breach, Faces First Customer Lawsuit

Wynn Resorts is dealing with more than a bad week on the stock market. The luxury casino company confirmed that an unauthorized third party accessed employee data last week, though the company says the stolen information has reportedly been deleted.

The Breach Affected 800,000 Employees 

“We have learned that an unauthorized third party acquired certain employee data,” Wynn spokesman Michael Weaver explained. 

“Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts,” he continued.

The breach affected roughly 800,000 employee records, including full names, emails, phone numbers, job titles, salaries, start dates, and birthdays. 

The company said it would offer everyone affected two years of credit monitoring and identity protection, while stressing that there is no evidence so far that the information has been published or misused. 

Operations across Wynn’s seven resort properties have remained unaffected, the company further informed the public.

The breach came with a potential ransom demand of $1.5 million from a hacker group calling itself ShinyHunters. Wynn has not disclosed whether the ransom was paid, though its shares dropped 6% on Monday before rebounding slightly on Tuesday.

First Lawsuit Filed

Just one day after the breach became public, a lawsuit was filed in the US District Court for Nevada. The complaint alleges that Wynn failed to properly encrypt sensitive customer information, including Social Security numbers, and didn’t adequately safeguard the data against hackers. 

Plaintiffs argue that the risk of identity theft is ongoing and say that identity monitoring alone isn’t enough to mitigate potential long-term damage. The lawsuit is seeking damages, injunctive relief, and an overhaul of Wynn’s data security practices.

Wynn has publicly stated that the company takes security seriously and continues to work with cybersecurity experts to prevent future incidents. 

Wynn’s 2024 SEC filings had already included clear warnings regarding potential cyberattacks, using the examples of past breaches at other big casinos and taking into account the constantly-changing threats that could disrupt operations or harm its reputation.

“We remain committed to protecting both employee and customer data,” Weaver said. “While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps to strengthen our systems and prevent future incidents,” the company spokesman added.