Representatives of Wynn Resorts Ltd. have continued to stay quiet about a data security breach reported Friday and whether executives paid a $1.5 million ransom demanded from a suspected team of computer hackers.
The computer hacking extortion group calling itself ShinyHunters had set a Monday deadline for payment, threatening to release all or some of the 800,000 files it allegedly stole from the company that contained the full names, emails, phone numbers, positions, salaries, start dates, birthdays and other personal information of Wynn Resorts employees, according to published reports.
It’s unclear whether Wynn officials paid the ransom and how it is cooperating with federal authorities investigating the breach. The company did not respond to inquiries from the Review-Journal Monday or Tuesday.
But the company acknowledged more than a month ago that it could be vulnerable to cyberattacks just like those that occurred in 2023 and 2025 to Caesars Entertainment Inc., MGM Resorts International and Boyd Gaming Corp.
SEC filing
In a Securities and Exchange Commission filing in December 2024, Wynn officials indicated they could be attacked despite the efforts the company has made to protect itself.
In its 2024 annual report, posted with the SEC Dec. 31, 2024, the company warned of potential security breaches as one of the company’s financial risks.
“Despite the security measures we currently have in place, our facilities and systems and those of our third-party information system service providers may be vulnerable to security breaches, acts of vandalism, phishing attacks, computer viruses, worms, ransomware, malicious software programs, misplaced or lost data, programming or human errors and other events,” the filing said. “Cyberattacks are becoming increasingly more difficult to anticipate, prevent and detect due to their rapidly evolving nature and, as a result, the technology we use to protect our systems from being breached or compromised could become outdated due to advances in computer capabilities or other technological developments.”
The filing acknowledged past breaches, but nothing that materially affected company finances.
“We have experienced data security incidents in the past and expect to experience additional incidents in the future; however, to date no such incidents have been material to our business, operating results or financial condition,” the SEC filing says.
“Any future perceived or actual electronic or physical security breach involving the misappropriation, loss, or other unauthorized disclosure of confidential or personally identifiable information, including penetration of our network security, whether by us or by a third-party information system service provider, could disrupt our business, damage our reputation and our relationships with our customers or employees, expose us to risks of litigation, significant fines and penalties and liability, result in the deterioration of our customers’ and employees’ confidence in us, and adversely affect our business, results of operations and financial condition.”
As threats develop, Wynn said in the SEC filing that the company “may find it necessary to make significant further investments to protect data and our infrastructure, including the implementation of new computer systems or upgrades to existing systems, deployment of additional personnel and protection-related technologies, engagement of third-party consultants, and training of employees.”
This is a developing story. Check back for updates.
Contact Richard N. Velotta at rvelotta@reviewjournal.com or 702-477-3893. Follow @RickVelotta on X.