High-end casino and hotel operator Wynn Resorts says more than 21,000 individuals are affected by the recently disclosed data breach.
Wynn Resorts confirmed in late February that hackers had obtained employee data.
The admission came after the notorious ShinyHunters cybercrime group claimed to have stolen more than 800,000 records containing personally identifiable information, including SSNs.
The hackers later removed Wynn from their leak website. This suggested that it had decided to pay a ransom, but the Las Vegas-based company declined to comment when contacted by SecurityWeek at the time.
In a data breach notification filed in recent days with the Maine Attorney General’s Office, Wynn shared more details on the incident.
“The threat actor has stated that all data has been deleted,” Wynn said in its notification to impacted individuals, which further reinforces the theory that a ransom has likely been paid.
The hackers had reportedly sought a ransom of more than 22 bitcoin (roughly $1.5 million).
The notification reveals that the attack occurred in October 2025 and targeted HR systems. The intrusion was likely part of a major ShinyHunters campaign that targeted over 100 organizations.
While ShinyHunters has publicly claimed responsibility for the attacks, cybersecurity researchers believe the operation was carried out by Scattered Lapsus$ Hunters, a cybercrime supergroup formed in 2025 through the merger of members from ShinyHunters, Lapsus$, and Scattered Spider.
The luxury hospitality and gaming company told the Maine AGO that the incident has impacted 21,775 employees. Affected individuals are being offered free credit monitoring and identity theft protection services.
Related: T-Mobile Sets the Record Straight on Latest Data Breach Filing
Related: Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign
Related: European Commission Reports Cyber Intrusion and Data Theft
