Wynn Resorts
Analysis of the Wynn Resorts ransomware attack exposing customer and corporate data.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Wynn Resorts
American luxury hotel and casino company operating resort properties in Las Vegas, Macau, and the UAE.
Sector
Hospitality / Gaming
Region
United States
Date of Incident
Prior to February 2026 (exact date not disclosed)
Date Disclosed
February 2026
Estimated Impact
Unknown
Data Types Exposed
Customer names, contact details, reservation details, corporate documents
Attack Type
Ransomware
Attack Vector
Ransomware deployment (specific initial access vector not disclosed)
Current Status
Under investigation. Wynn Resorts has engaged external cybersecurity experts.
Severity Assessment
High. A major hospitality and gaming company compromised by ransomware, with customer reservation data and corporate documents exposed. The gaming sector has been increasingly targeted following high-profile casino breaches.
What Happened
In February 2026, Wynn Resorts disclosed a ransomware attack. The compromised data reportedly includes customer names, contacts, reservation details, and corporate documents.
The investigation is ongoing. Hospitality data includes travel patterns and financial details that are valuable for social engineering.
Timeline
February 2026
Wynn Resorts discloses ransomware attack affecting customer and corporate data
Impact and Risk Assessment
For Affected Individuals
Customers had their names, contact details, and reservation information exposed. Luxury hotel reservation data can reveal travel patterns and financial capacity.
For Organisations
Wynn Resorts faces reputational damage in a sector that has been repeatedly targeted by ransomware groups, following major incidents at MGM Resorts and Caesars Entertainment.
Corporate documents may contain sensitive business information about gaming operations, partnerships, and strategy.
Regulatory Context
Nevada Gaming Commission and state data breach notification laws apply. The gaming industry faces specific regulatory requirements for customer data protection.
What Should You Do?
If You Are a Potentially Affected Individual
If you have stayed at or made reservations with Wynn Resorts, be alert to phishing attempts that reference your travel details or loyalty programme.
If You Are a Security or Risk Professional
The hospitality and gaming sector should treat ransomware as a persistent threat and invest in endpoint detection, network segmentation, and incident response planning.
Following the MGM and Caesars incidents, the sector should have elevated its security posture. This breach raises questions about whether those lessons were widely adopted.
Learnings and Recommendations
The hospitality and gaming sector continues to be targeted by ransomware groups. These organisations hold a combination of customer PII, travel patterns, and financial data.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.