Key Facts: Wynn Resorts Data Breach
- Date reported: February 24, 2026.
- Unauthorized access identified: September 2025.
- Target entity: Wynn Resorts (wynnresorts.com).
- Source of breach: ShinyHunters (extortion group).
- Data types: Approximately 800,000 employee records containing full names, Social Security numbers, dates of birth, email addresses, and phone numbers.
- Status: Confirmed; Wynn Resorts activated incident response protocols and is offering credit monitoring to affected employees.
- Severity: Critical; the breach involves a massive volume of highly sensitive personally identifiable information (PII) and was subject to a $1.5 million ransom demand.
What happened in the Wynn Resorts data breach?
Wynn Resorts (wynnresorts.com) confirmed a critical security incident involving a hack by the threat actor group ShinyHunters, which was publicly reported on February 24, 2026. The breach involved the unauthorized access and theft of approximately 800,000 employee records. The incident originally occurred in September 2025 and was accompanied by a ransom demand of 22.34 Bitcoin (approximately $1.5 million).
The stolen data included highly sensitive personally identifiable information (PII) such as full names, Social Security numbers, email addresses, phone numbers, and birth dates. This incident is classified as critical due to the volume of records and the sensitivity of the data categories involved. While the threat actor claims the data has been deleted following the extortion attempt, a class action lawsuit has already been filed against the company. Such incidents typically increase the risk of targeted phishing and identity theft for those affected.
Who is behind the incident?
ShinyHunters is a prolific threat actor group known for targeting high-profile organizations to steal large databases for extortion or sale on dark web forums. Active since at least 2020, the group has been linked to numerous major breaches across various industries, often focusing on cloud repositories and web applications. Their methods typically involve credential stuffing, exploiting misconfigured cloud buckets, or leveraging stolen API keys. ShinyHunters often operates by demanding a ransom in exchange for not leaking stolen data, though their reliability in following through with deletions is frequently questioned by security experts.
Impact and risks for Wynn Resorts customers
The exposure of Social Security numbers and other personal identifiers poses a significant risk of identity theft and long-term financial fraud for the 800,000 affected individuals. Malicious actors may use this information to open unauthorized accounts or conduct sophisticated phishing campaigns designed to gain further access to personal finances. Even if the data was allegedly deleted, the initial theft creates a permanent risk of credential abuse and social engineering.
Impacted individuals should monitor their credit reports and remain vigilant against suspicious communications. Taking proactive steps like freezing credit and updating passwords can mitigate potential harm. Transparency from the organization remains essential to help victims respond effectively to these security threats.
Frequently asked questions
What happened in the Wynn Resorts security breach?
ShinyHunters claimed responsibility for a security attack on Wynn Resorts (wynnresorts.com) in February 2026. The incident was first reported on February 24, 2026.
When did the Wynn Resorts breach occur?
The Wynn Resorts breach was publicly reported on February 24, 2026. ShinyHunters referenced the incident around that time, but the attack originated in September 2025 via a vulnerability in the company's Oracle PeopleSoft platform.
What data was exposed?
The breach involved over 800,000 records containing employee personally identifiable information (PII). This specifically included Social Security numbers, names, phone numbers, and dates of birth.
Is my personal information at risk?
If you are a current or former employee of Wynn Resorts, there is a high probability your personal information was affected. Similar incidents often involve sensitive identifiers like Social Security numbers. Stay alert for official notifications regarding credit monitoring services.
How can I protect myself after this data breach?
- Change your passwords immediately and use a password manager.
- Enable multi-factor authentication (MFA) on all sensitive accounts.
- Monitor your financial statements and credit reports for suspicious activity.
- Be wary of unsolicited emails or phone calls asking for personal information.
- Use data breach monitoring tools to receive alerts if your information is leaked.
What steps should companies take after being impacted by this breach?
Wynn Resorts is expected to secure its systems, notify affected parties, and provide guidance on protective actions. Companies in this situation often review their security measures and deploy attack surface management tools to prevent future occurrences.