Wynn Resorts has released a statement to confirm that it suffered a data breach. Reports emerged on Thursday that the extortion group ShinyHunters accessed 800,000 records and demanded a 22.34 Bitcoin ($1.5m) ransom, or else it would leak the information.
Wynn Resorts confirmed that an “unauthorized third party acquired certain employee data.” It immediately started following its incident response steps and launched an investigation alongside external cybersecurity experts.
casino company didn’t mention anything about paying a ransom
The casino company didn’t mention anything about paying a ransom. However, it did say that the hackers deleted the stolen data, which indicates that it reached some sort of agreement with ShinyHunters.
Wynn said that it hasn’t seen any evidence that the data was issued or published anywhere. It confirmed that guests weren’t impacted by the breach and that employees will receive free identity protection and credit monitoring.
ShinyHunters explained that it breached Wynn’s systems in September after obtaining credentials from an employee. It gained access to sensitive information through an Oracle PeopleSoft vulnerability, including employee Social Security Numbers.
One person didn’t waste any time taking action after the breach was reported. Richard Reed filed a class action lawsuit in Nevada on Saturday, claiming that Wynn failed to properly encrypt customer information. However, Wynn’s statement on Tuesday appears to contradict this claim, as the casino company said hackers accessed only employee information.
