Ethical Hacking News
Wynn Resorts has confirmed that employee data was stolen from its servers, with the cybercrime crew ShinyHunters claiming credit for the attack. While the company assures that the stolen data has been deleted, cybersecurity experts are skeptical about the validity of this claim, highlighting the risks associated with trusting cybercriminals.
Employee data, including full names, email addresses, phone numbers, job roles, salaries, and personal info, was stolen from Wynn Resorts' servers. The attack is believed to have occurred in September 2025 when an Oracle PeopleSoft vulnerability was exploited by ShinyHunters using a staffer's credentials. Cybersecurity experts are skeptical about Wynn Resorts' claims that the stolen data had been deleted upon discovery, as it may indicate a ransom was paid. The company has offered free credit monitoring and identity protection to all employees in an effort to mitigate the risks associated with the breach. Experts note that companies cannot eliminate the risk of cyberattacks and must prioritize their security posture and remain proactive in addressing potential threats.
Wynn Resorts, a prominent luxury hotel chain with operations across the globe, has recently confirmed that employee data was stolen from its servers. The attack, attributed to the prolific cybercrime crew ShinyHunters, has left many questioning the company's assurances regarding the deletion of the stolen data.
According to Wynn Resorts' spokesperson, the unauthorized third party acquired certain employee data, including full names, email addresses, phone numbers, job roles, salaries, start dates, dates of birth, and other personal information belonging to staff members. The attack is believed to have occurred in September 2025, when an Oracle PeopleSoft vulnerability was exploited by ShinyHunters using a staffer's credentials.
In its initial statement, Wynn Resorts assured that the stolen data had been deleted upon discovery. However, cybersecurity experts are expressing skepticism about the company's claims, with many arguing that trusting cybercriminals is inherently flawed. Dray Agha, senior manager of security operations at Huntress, noted that when miscreants "confirm" they have deleted stolen data, it suggests a ransom may have been paid.
Agha also pointed out that there is no reliable way to verify that an extortionist has permanently deleted stolen data. Copies are frequently retained, shared, or sold months down the line. In the business model of modern cybercrime, "deletion" is exactly the service these cartels claim to provide once their financial demands have been met.
Wynn Resorts' decision to offer free credit monitoring and identity protection to all employees has been seen as a necessary and prudent move. However, Agha argued that this measure acknowledges that a threat actor's "promise" holds zero actual security value. It is clear that Wynn Resorts recognizes the risks associated with cybercrime but remains uncertain about the intentions of ShinyHunters.
The LockBit leaks of 2024 have provided valuable insights into the tactics and strategies employed by ShinyHunters. In those instances, the UK's National Crime Agency (NCA) attempted to undermine the reputation of the ransomware operation at the time. The NCA confirmed a long-held suspicion among security practitioners that cybercriminals do not delete data even after a ransom is paid.
While no company can ever eliminate the risk of a cyberattack, Wynn Resorts is taking appropriate steps and working with industry-leading third-party IT advisors to strengthen its systems and protect against future incidents. This effort includes activating incident response protocols and launching a thorough investigation with external cybersecurity experts.
It remains to be seen whether Wynn Resorts' measures will be sufficient to mitigate the risks associated with this cybercrime breach. As security experts continue to monitor the situation, one thing is certain: the company's decision to offer credit monitoring to employees demonstrates its commitment to transparency and accountability in the face of a potentially devastating data breach.
In conclusion, Wynn Resorts' cybersecurity breach serves as a reminder of the importance of vigilance in the ever-evolving landscape of cybercrime. As companies continue to navigate this complex and dynamic environment, it is crucial that they prioritize their security posture and remain proactive in addressing potential threats. The actions taken by Wynn Resorts in response to this attack will be closely watched by cybersecurity experts and industry stakeholders alike.
Related Information:
https://www.ethicalhackingnews.com/articles/Wynn-Resorts-Cybersecurity-Breach-A-Cautionary-Tale-of-Trusting-Cybercriminals-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/25/wynn_resorts_shinyhunters/
https://www.theregister.com/2026/02/25/wynn_resorts_shinyhunters/
https://www.bleepingcomputer.com/news/security/wynn-resorts-confirms-employee-data-breach-after-extortion-threat/
https://en.wikipedia.org/wiki/ShinyHunters
https://www.independent.co.uk/tech/google-data-breach-shinyhunters-cyber-attack-b2821097.html
Published: Wed Feb 25 07:29:32 2026 by llama3.2 3B Q4_K_M
