Wynn Resorts faces second lawsuit after data breach incident involving employees
Wynn Resorts says it has contained a recent cybersecurity breach involving employee information and insists that hotel operations and guest services were not affected. Even so, the company is now facing a second federal class action lawsuit tied to the same incident.
The Las Vegas-based casino and resort operator told ReadWrite that it moved quickly after detecting unauthorized access inside its systems. Outside cybersecurity specialists were brought in to assess what happened and to help secure the network.
We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts.
“The unauthorized third party has stated that the stolen data has been deleted. We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.
“This incident has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business. Our guests can continue to expect the customer experience for which Wynn Resorts is known.
“While the investigation is ongoing, we have elected to offer complimentary credit monitoring and identity protection to all employees. The security and confidentiality of our employees, as well as our guest data, is our top priority. While no company can ever eliminate the risk of a cyberattack, we are taking appropriate steps and working with industry-leading third-party IT advisors to strengthen our systems to protect against future incidents.”
Second federal class action lawsuit filed in Nevada court against Wynn following data breach
Despite those assurances, a new complaint reviewed by ReadWrite was filed on Tuesday (February 24), in the U.S. District Court for the District of Nevada. The case names Wynn Resorts Holdings, LLC as the defendant. It follows an earlier class action that was previously reported in connection with the same breach.
The latest lawsuit was brought by Las Vegas resident Tyrone Li, who is seeking to represent a proposed nationwide class of people whose personally identifiable information was allegedly exposed. The lawsuit alleges that “on or about February 20, 2026, the notorious ransomware group ShinyHunters gained unauthorized access to Defendant’s IT Network.”
Court filings claim the attackers obtained more than 800,000 records. The suit further alleges that the hackers later threatened to release the information unless their demands were satisfied.
Plaintiffs argue that the compromised data includes names, Social Security numbers, dates of birth, phone numbers and detailed employment records. The complaint contends that Wynn failed to adequately secure that sensitive information. It also claims critical data was not encrypted and that notification to affected individuals was not timely, increasing the risk of identity theft and fraud.
While Wynn has said the outside party claimed the data was deleted and that there is no evidence so far of misuse, Li argues that the consequences of the breach are ongoing. The filing states that “Plaintiff and Class Members have lost the ability to control their private information and are subject to an increased risk of identity theft.” It also alleges that, because of the company’s actions, affected individuals “are at a heightened risk of identity theft for years to come.”
The filing also asserts that the company did not fully explain the scope of the breach or clearly outline what security protections were in place when the intrusion occurred.
The plaintiffs are asking the court to certify the case as a class action and award monetary damages. They are also seeking an order requiring Wynn to strengthen its cybersecurity safeguards. In addition, the lawsuit calls for extended credit monitoring and identity protection services for those whose information was allegedly exposed. The lawsuit asserts claims for negligence, negligence per se, unjust enrichment, and breach of implied contract.
Wynn has not yet submitted a formal response to the second complaint, and the court has not set a hearing date. If the case moves forward as a class action, it could proceed alongside the earlier lawsuit, intensifying legal scrutiny over how the company handled employee data and its broader cybersecurity practices.
For now, Wynn maintains that its properties remain open and operating normally, and that guests can expect business as usual.
ReadWrite has reached out to Wynn Resorts for comment on the latest update.
Featured Image: Credit to WiNG on Wikimedia Commons / CC 3.0 license
The post Wynn Resorts faces second lawsuit after data breach incident involving employees appeared first on ReadWrite.
