There is an update to the Wynn Resorts data breach previously reported in February. At the time, ShinyHunters claimed to have exfiltrated 800,000 records containing customer and employee data, and they threatened to leak the data if Wynn Resorts didn’t pay the ransom demand.
Now Cybernews reports that a Wynn Resorts notification to the Maine Attorney General’s Office reported that the breach affected a total of 21,775 people. The resort had previously confirmed the breach to Cybernews, but had said it affected some employee data. They did not mention customer data, and the sample notification letter appended to the Maine notice is to employees. It is not clear whether any customer data was actually involved.
There is also the question of whether Wynn Resorts paid ShinyHunters any ransom. Wynn Resorts had noted that the data had been deleted, but neither confirmed nor denied paying any ransom to accomplish that. The fact that the data were deleted will suggest to some that Wynn Resorts did pay ShinyHunters to have the data removed. Whether it was truly fully deleted is unknown.
