Wynn Resorts Confirms Cyberattack, Disputes Customer Data Breach Lawsuit

Key Points

• Wynn Resorts confirmed a cybersecurity incident shortly after a class action lawsuit was filed.
• The company says unauthorised access affected employee data only, not customer information.
• A lawsuit claims hackers stole data linked to more than 800,000 Wynn customers.
• Wynn disputes these claims and says operations and guest services were not impacted.
• Hackers reportedly demanded a large bitcoin ransom, though payment remains unclear.
• Wynn offered free credit monitoring and identity protection to affected employees.
• The case will continue in federal court, where the scope of the breach will be examined.

Wynn Resorts just confirmed a cyberattack hit them, only days after facing a class action lawsuit. Now they’re pushing back against the claims in court. The company says hackers got into employee data, but customer records and guest systems stayed safe. They made this statement after the lawsuit drew a lot of public attention, with accusations that Wynn didn’t do enough to protect personal information.

Wynn Resorts Confirms Cybersecurity Incident

Filed in Nevada, the case Reed v. Wynn Resorts Limited accuses the hacking group ShinyHunters of taking personal data from more than 800,000 customers. The company answered that the event involved only current and former employees, and it said that guests and routine business functions saw no effect. Leaders within the organisation also stated that properties remain open, and they confirmed that normal operations continue without change.

Company Denies Impact on Customer Data

Wynn didn’t admit to the breach until the media started asking questions. Reuters pointed to an email from the company’s chief communications officer, who explained that they found out someone got into some employee data without permission. Right away, they kicked off an investigation. Then Wynn brought in outside cybersecurity experts to figure out what happened and make sure it doesn’t happen again.

Hacker Claims and Company Response

Wynn says the unauthorised party claimed to have deleted the stolen data after the breach. The company keeps an eye on the situation and hasn’t seen any sign that the data surfaced or got used anywhere. Wynn insists the incident didn’t impact guests, daily business, or its properties. In a separate statement, the company called it a cybersecurity event limited to employee information. Still, Wynn won’t say how many employees got caught up in it, nor will it confirm if it paid any ransom. Meanwhile, a spokesperson for the hackers told Reuters they demanded 22.34 bitcoin, roughly $1.5 million.

Lawsuit Alleges Customer Data Exposure

The hacking group hasn’t said if Wynn paid up, but they claim they already deleted the stolen data. That’s a sharp contrast to the lawsuit, which insists there was a massive leak of customer records from the company. According to the legal filing, hackers got their hands on more than 800,000 digital records tied to Wynn customers. The documents say this data included social security numbers and other extremely sensitive personal details. Richard Reed, the plaintiff, says Wynn dropped the ball on protecting customer information, and that’s what opened the door to the breach. He argues this failure puts customers in real danger and the risks haven’t gone away.

Legal Duties and Data Protection Claims

The complaint points to an announcement from ShinyHunters, who openly took credit for stealing these records. It says Wynn had a clear legal responsibility to safeguard the private information it collects and uses. The lawsuit claims Wynn dropped the ball; they left sensitive data sitting in their systems, unencrypted and unredacted. Hackers went after this information because it’s valuable for identity theft and fraud. The filing warns victims face real, ongoing risks, including financial losses and stolen identities. It even lists the type of data exposed: names, email addresses, contact details, and possibly account info.

Criticism of Notification and Transparency

Through its public statements, Wynn disputes these claims and maintains that customer data remained untouched. This opposing view now anchors the legal dispute as the case advances within the court system. The lawsuit also criticises the way Wynn communicated with people affected after the incident occurred. The complaint states that the company’s Notice Letter did not set out crucial details regarding the breach. It allegedly failed to disclose who executed the attack, how it took place, and what preventive actions the company adopted for the future.

Employee Support and Ongoing Investigation

The lawsuit demands a jury trial, financial compensation, class certification, and other legal remedies. While the investigation plays out, Wynn decided to give every employee free credit monitoring and identity protection. The company says it’s acting out of caution as they look into what happened.

Industry Cyber Risks and Context

Wynn spotted cybersecurity risks early on, mentioning them in its regulatory filings well before this latest dispute came up. Back in December 2024, the company said cyber threats keep getting more complex and aren’t easy to predict. They also admitted that security systems can fall behind because technology moves fast. The lawsuit claims Wynn should’ve seen these threats coming, especially given that other big casino players like MGM Resorts International and Caesars Entertainment had already fallen victim to cyberattacks. Which makes it pretty clear, big resort groups keep getting targeted because they’re sitting on a goldmine of personal data and that’s what hackers are after.

What Happens Next?

Wynn Resorts has a big footprint, with five properties spread out across Las Vegas, Boston and Macau and a global workforce of a whopping 28,000 people. Add in annual revenues of $1.87 billion and you’re talking about one of the big boys in the resort business, the real major players. With a business that’s this big, Wynn not only has a commanding presence in the market but also takes on a huge challenge when it comes to staying one step ahead of cyber threats. The next development in this battle is the ongoing Reed v. Wynn Resorts Limited case, which is now making its way through federal court in Nevada. Wynn is firmly denying any wrongdoing & is sticking to the line that the breach only had an impact on employee data. The court will now have to determine whether in fact customer details were exposed in the breach as well or if, as Wynn is claiming, this incident really was just a contained affair.