ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data

Steven

ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data

Summary

Cybercrime group ShinyHunters claims to have stolen more than 800,000 Wynn Resorts employee records and is demanding 22.34 Bitcoin (about $1.5m) as a “starting price” to avoid leaking the data. The group set a February 23 deadline for Wynn to “reach out,” threatening to publish the records and cause additional digital disruption if the demand is not met.

Samples seen by The Register reportedly include full names, emails, phone numbers, Social Security numbers, positions, salaries, start dates, birthdays and other personal details. A spokesperson for ShinyHunters told reporters the intruders gained initial access in September 2025 via an Oracle PeopleSoft vulnerability using an employee’s credentials. Wynn Resorts had not commented at the time of reporting.

The incident is part of a string of recent ShinyHunters intrusions and follows earlier high-profile casino-targeted attacks linked to groups with ties to ShinyHunters and Scattered Spider, which used social engineering and SSO abuse in previous strikes against major resort chains.

Key Points

  • ShinyHunters claims to have taken more than 800,000 Wynn Resorts employee records, including Social Security numbers and other sensitive PII.
  • The extortion demand is 22.34 BTC (about $1.5m) with a public deadline to contact the group to avoid a leak and “annoying” digital problems.
  • Attackers say they gained initial access in Sept 2025 via an Oracle PeopleSoft vulnerability using an employee’s credentials.
  • Samples include detailed employee data: names, emails, phone numbers, salaries, dates of birth and start dates.
  • The claimed breach follows a run of ShinyHunters incidents and echoes previous casino attacks that abused SSO, voice-phishing and insider access.

Context and relevance

This matters because the data set reportedly contains highly sensitive personally identifiable information that can be used for identity theft, targeted social engineering and credential stuffing. Hospitality and resort operators are attractive targets due to large workforces, guest data, and often complex third-party systems (like PeopleSoft). The incident underscores persistent trends: exploitation of known application vulnerabilities, abuse of compromised credentials or insider access, and extortion-driven data leaks.

For security teams, HR and legal departments, the breach raises immediate obligations around notification, credit monitoring for affected staff, and accelerated patching or mitigation of vulnerable systems. For the industry, it is a reminder to harden identity controls, tighten vendor and employee access policies, and monitor for signs of data exfiltration.

Why should I read this?

Short version: if you run or secure business systems, especially HR/payroll platforms like PeopleSoft, pay attention. We’ve done the quick read for you — this story flags a big stash of employee PII, a hefty extortion demand, and a familiar playbook (vulnerabilities + credentials + social engineering). If you’re responsible for staff data, incident response or vendor risk, this is worth a look now, not later.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2026/02/20/shinyhunters_wynn_resorts/