ShinyHunters claim theft of Wynn Resorts data

In the United States, the hacker group ShinyHunters has claimed the theft of more than 800,000 employee data records belonging to land-based casino operator Wynn Resorts in Las Vegas and is demanding $1.5 million (22.34 BTC) from the company to keep the data private, report The Register.

Ransom demand and deadline

According to the publication, the hackers set a deadline of February 23 for the company to make contact.

At the time of publication, Wynn Resorts had not officially confirmed the incident and had not responded to media inquiries.

Scope and content of the stolen data

According to information from The Register, the database contains Social Security numbers, full names, email addresses, phone numbers, job titles, salaries, as well as employees’ start dates and dates of birth.

Journalists reviewed selected samples of the data, which confirmed the authenticity of part of the information.

Method of gaining system access

According to ShinyHunters, initial access to Wynn Resorts’ internal systems was obtained as early as September 2025.

Oracle PeopleSoft vulnerability

The hackers claim they exploited an Oracle PeopleSoft vulnerability and used the credentials of one of the company’s employees.

The group did not specify whether the data was obtained through voluntary credential sharing by the employee or by other means.

Additional context of the incident

ShinyHunters set a starting price for the stolen files at 22.34 BTC, which is equivalent to approximately $1.5 million.

According to The Register, the hacker group has previously been linked to data breach incidents involving major companies and has used various methods to gain access to corporate systems.