TLDR
- Hacker group ShinyHunters stole data on 800,000 Wynn Resorts employees, including Social Security numbers, demanding a $1.5 million ransom.
- Wynn confirmed an “unauthorized third party acquired certain employee data” but has not confirmed whether the ransom was paid.
- Two federal lawsuits have been filed seeking class-action status — one by a former employee, one by a customer.
- Wynn is offering credit monitoring and identity protection to affected employees while investigating.
- UBS lowered its price target on Wynn Resorts (WYNN) to $146 from $148, but kept its Buy rating.
Wynn Resorts is facing two federal lawsuits after a cyberattack exposed data on roughly 800,000 current and former employees.
The company confirmed in a statement Tuesday that an “unauthorized third party acquired certain employee data.” That’s about as far as Wynn has gone publicly.
The attack was first reported Friday by The Register. According to the outlet, extortionist hacker group ShinyHunters was behind it.
The stolen records reportedly include Social Security numbers and other private details. The group set a ransom demand of $1.5 million.
Wynn has not said whether it paid the ransom. Michael Weaver, the company’s chief communications and brand officer, said the hackers claim to have since deleted the data.
“We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused,” Weaver said.
Weaver added that the incident has had no effect on guest experience, operations, or physical properties, which remain open.
Former employee Drake Maynard filed suit Tuesday in U.S. District Court in Las Vegas. The lawsuit seeks class-action status covering nearly anyone affected by the breach.
Maynard alleges Wynn failed to notify him promptly and did not have “adequate data security measures” in place. The complaint claims Wynn violated the FTC Act by failing to use reasonable measures to protect private information.
The lawsuit states employees face risks including identity theft, fraud, and the personal time and cost of dealing with the fallout. The amount in controversy is listed as exceeding $5 million.
The complaint also asks the court to require Wynn to implement security protocols that meet industry standards.
A Second Lawsuit Filed
A California man named Richard Reed, who identifies as a Wynn customer rather than an employee, filed a separate suit Saturday. Reed is also seeking class-action status, arguing the resort was negligent in handling private information.
Wynn’s public statement, however, only references employee data being taken — not customer data.
Wynn is offering credit monitoring and identity protection to affected employees while its investigation continues. The company said it is working with third-party IT advisors to strengthen its systems.
Context and Price Target
This is not the first time a major Las Vegas resort has been hit. MGM Resorts and Caesars Entertainment both suffered data breaches in 2023. Cybersecurity firm ReliaQuest linked that activity to the same group behind the Wynn attack. Caesars paid $15 million to resolve its breach.
Data breach victim notices in the U.S. hit roughly 1.37 billion in 2024 before dropping to about 279 million in 2025, according to the Identity Theft Resource Center. A record 3,322 publicly reported compromises occurred in 2025.
Separately, UBS on Tuesday trimmed its price target on WYNN to $146 from $148, while keeping a Buy rating. The firm noted Wynn is shifting from a development-focused story to one centered on free cash flow generation, with geographically diversified cash flow expected to rise after its Al Marjan property opens in Q1 2027.
