ShinyHunters Claims Breach of Wynn Resorts, Leaks 800K Employee Records
The ransomware group ShinyHunters has allegedly breached Wynn Resorts, claiming to have stolen over 800,000 employee records and demanding 23.34 Bitcoin (≈$1.55 million) to delete the data. The group set a deadline of February 23, 2026, for payment, warning that failure to comply would result in the data being leaked on the dark web.
A sample of the stolen data, analyzed by The Register, includes full names, emails, phone numbers, job positions, salaries, start dates, birth dates, and other personal details enough to facilitate phishing attacks, credential theft, and financial fraud.
According to a group member, the breach occurred in September 2025 via an Oracle PeopleSoft vulnerability, exploiting compromised employee credentials. Wynn Resorts has not yet responded to the claims or media inquiries.
ShinyHunters has been highly active in recent months, targeting organizations through vishing scams and exploiting identity management systems like Okta. This incident follows high-profile attacks on Caesars Entertainment and MGM Resorts in September 2023, reinforcing concerns over cybersecurity vulnerabilities in the hospitality and gaming sectors.
Caesars Entertainment TPRM report: https://www.rankiteo.com/company/caesars-entertainment-inc
Oracle TPRM report: https://www.rankiteo.com/company/oracle
MGM Resorts TPRM report: https://www.rankiteo.com/company/mgm-resorts-international
Wynn Resorts TPRM report: https://www.rankiteo.com/company/wynnresorts
"id": "mgmcaeorawyn1771962331",
"linkid": "mgm-resorts-international, caesars-entertainment-inc, oracle, wynnresorts",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '800,000 employees',
'industry': 'Hospitality and Gaming',
'name': 'Wynn Resorts',
'type': 'Organization'}],
'attack_vector': 'Exploiting Oracle PeopleSoft vulnerability via compromised '
'employee credentials',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '800,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Emails',
'Phone numbers',
'Job positions',
'Salaries',
'Start dates',
'Birth dates',
'Other personal details']},
'date_detected': '2025-09',
'description': 'The ransomware group ShinyHunters has allegedly breached Wynn '
'Resorts, claiming to have stolen over 800,000 employee '
'records and demanding 23.34 Bitcoin (≈$1.55 million) to '
'delete the data. The group set a deadline of February 23, '
'2026, for payment, warning that failure to comply would '
'result in the data being leaked on the dark web. A sample of '
'the stolen data includes full names, emails, phone numbers, '
'job positions, salaries, start dates, birth dates, and other '
'personal details.',
'impact': {'data_compromised': '800,000 employee records',
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': 'Compromised employee credentials'},
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Exploitation of Oracle PeopleSoft '
'vulnerability via compromised '
'employee credentials'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '23.34 Bitcoin (≈$1.55 million)'},
'references': [{'source': 'The Register'}],
'threat_actor': 'ShinyHunters',
'title': 'ShinyHunters Claims Breach of Wynn Resorts, Leaks 800K Employee '
'Records',
'type': 'Ransomware',
'vulnerability_exploited': 'Oracle PeopleSoft vulnerability'}