Wynn Resorts says hackers “deleted stolen data”, yet notice reveals 21,000 affected


A data breach at Wynn Resorts has affected over 21,000 staff members, despite the company reportedly paying a ransom.

Wynn Resorts disclosed the data breach after stressing that threat actors had deleted all the stolen data.

Wynn Resorts operates some of the most recognizable high-end hotels and casinos in Las Vegas and Macau, generating approximately $1.87 billion in revenue. The company has around 28,000 employees.

On April 3rd, the company filed a notice with the Maine Attorney General, stating that the incident impacted 21,775 people.

According to the notice, the breach was discovered on February 20th, 2026. Cybernews reported on the attack, which was allegedly carried out by the hacker collective ShinyHunters, and contacted Wynn Resorts for confirmation.

The attackers alleged they had stolen more than 800,000 records, including personal and employee information, and threatened to leak the data publicly if Wynn Resorts didn’t meet their demands.

Paying ransom may not save the data

However, when the deadline approached, the gang deleted the post on its dark web site.

In a statement to Cybernews, Wynn Resorts confirmed that the breach affected “certain employee data” but stressed that it did not affect operations or guests' experience.

“The unauthorized third party has stated that the stolen data has been deleted,” the company also wrote in a statement.

This claim leaves more questions than answers, as it suggests the company may have paid a ransom. At the time, however, the company refused to comment on this.

Wynn Resorts offers identity protection services

According to documents submitted to the authorities, unauthorized access to Wynn Resorts’ systems dates back to October 2025, when attackers gained access to certain human resources systems.

The company said it notified law enforcement and engaged third-party forensic experts shortly after discovering the intrusion.

In the notice, the company repeatedly cited threat actors' claims that they would delete the data.

“We are not aware of any identity theft or fraud involving your data that is attributable to this matter,” the company said.

“To help relieve any concerns,” it offered two years of free credit monitoring and identity theft protection to affected individuals.

The current notice to authorities adds another layer of complexity to ransom payments. Paying a ransom doesn’t necessarily protect the company or its clients from the gang leaking the data anyway.

Not to mention the obvious wrongdoing of funding criminal operations and encouraging attackers to target other organizations or even hit the same victims again.

While cybersecurity units and law enforcement are cracking down on ransomware ecosystems, research shows that ransomware payments decreased in both frequency and amount in 2025.

Reports show that the average payments dropped by up to 66%.

