Casino and gaming companies have become popular targets for criminals, and that was the case for Wynn Resorts over the weekend. Hackers demanded $1.5 million by Monday and threatened to release 800,000 employee records if the demand wasn’t met.
The hackers identified themselves as “ShinyHunters.” They contacted Wynn last Friday, the Las Vegas Review-Journal reported. It’s unclear whether the ransom was paid or if more demands were made.
The Register reported the group stole full names, emails, phone numbers, positions, salaries, start dates, birthdays, and other personal information of company workers. The group gained access to Wynn’s systems in September, according to the outlet, via an Oracle PeopleSoft vulnerability.
It’s unknown if ShinyHunters has gained access to customer information. Wynn hasn’t commented on the cyberattack so far.
Growing Concerns Over Ransomware Attacks
In addition to the ransom demand, Wynn also faces a class-action lawsuit in Nevada over the attacks. California resident Richard Reed accuses the company of negligence, unjust enrichment, invasion of privacy, breach of fiduciary duty, and breach of implied contract.
Ransomware attacks are a growing concern for many businesses around the world. Statista reports that seven out of 10 cyberattacks in 2023 were ransomware attacks, with more than 317 million attempts recorded.
Between 2022 and 2023, hackers supposedly collected $1.1 billion from threatened businesses. Since then, companies seem less inclined to pay.
In the fourth quarter of 2023, only 29% of attacks worldwide resulted in a ransom payment. That was a 41% drop from the third quarter. The average amount paid also dropped from $850,000 to $569,000.
History of Recent Casino Cyberattacks
This is just the latest cyberattack involving Las Vegas casinos. In September, Boyd Gaming acknowledged a security breach in a filing with the Securities and Exchange Commission. The company said hackers gained access to some employee information and “a limited number of other individuals.”
The 2023 attacks against MGM affected the company’s casinos across the country and ultimately cost MGM $100 million. At the same time, Caesars Entertainment was attacked. It ultimately paid a $15 million ransom to regain control of many of its systems. The Register reports that ShinyHunters was responsible for both of those attacks as well.
Attackers have also targeted online casino operators. In 2023, Mexican online gambling operator Strendus allegedly left player data accessible online after failing to set a password to secure the information.
In 2022, PokerStars experienced hacking attempts during the World Championship of Online Poker tournament series. As a result, the company postponed several tournaments for later in the year. PokerStars noted that player information was safe.
More recently, PokerGO experienced a DDoS attack at the start of the World Series of Poker main event final table. The issue was quickly resolved and viewers didn’t miss much of the coverage.
