Wynn Resorts Data Breach Sparks Lawsuits, Probe Begins

Wynn Resorts has officially acknowledged a significant data breach, confirming that an unauthorized party accessed sensitive employee information. The incident, linked to the hacking group ShinyHunters, involved the theft of approximately 800,000 records. The group demanded a ransom of 22.34 Bitcoin, equivalent to about $1.5 million, threatening to leak the stolen data.

In response, Wynn initiated an investigation with external cybersecurity experts to assess the situation and mitigate potential risks. The breach has prompted multiple class-action lawsuits alleging that the casino failed to adequately protect private information.

Wynn Cyberattack Details and Data Exposure

The cyberattack reportedly occurred in September, when ShinyHunters exploited a vulnerability in Oracle PeopleSoft to gain access to sensitive employee data, including Social Security Numbers. Following the breach, Wynn Resorts stated that it has not observed any evidence that the stolen data has been published or shared publicly.

The company emphasized that guest information remains secure and unaffected by the incident. In a proactive measure, Wynn has offered employees free identity protection and credit monitoring services to safeguard their personal information.

Despite Wynn's reassurance, the situation has led to legal repercussions. Richard Reed, a California resident, filed the first class-action lawsuit in Nevada just days after the breach was disclosed. He claims the casino failed to adequately encrypt sensitive customer information. However, Wynn's statement indicates that only employee data was compromised, suggesting a discrepancy between the lawsuit's claims and the company's official position.

Legal Fallout and Class-Action Lawsuits

In the wake of the breach, Wynn Resorts now faces multiple class-action lawsuits. Two additional lawsuits were filed in the US District Court in Nevada, alleging that the company failed to take sufficient measures to protect private information.

Henderson resident Drake Maynard and Las Vegas resident Tyrone Li filed the lawsuits. They echo Reed's initial complaint, asserting negligence, a breach of fiduciary duty, and other claims.

The plaintiffs argue that Wynn had the resources and personnel necessary to implement effective security protocols but failed to do so. They contend that this negligence led to the exposure of private information, placing both employees and customers at risk.

Wynn's Response and Cybersecurity Measures

Wynn Resorts has declined to disclose whether it paid the ransom demanded by ShinyHunters, maintaining its policy of silence on ongoing litigation. A company spokesman reiterated that the stolen data has been deleted, providing some reassurance amidst the turmoil. As the investigations continue, Wynn is expected to enhance its cybersecurity measures to prevent future breaches.

Lucas Michael Dunn is a prolific iGaming content writer with 8+ years of experience dissecting it all, from game and casino reviews to industry news, blogs, and guides. A psychology graduate and painter that transitioned into the iGaming world, his articles depend on proven data and tested insights to educate readers on the best gambling approaches. Beyond iGaming content craftsmanship, Lucas is an avid advocate for responsible play, focusing on empowering players to strike a balance between thrill and informed choices.

All Reviews by Lucas Dunn