Data Breach Lawsuit Claims Wynn Resorts Failed to Protect Private Info From Cyberattack

New to ClassAction.org? Read our Newswire Disclaimer

A proposed class action lawsuit claims that Wynn Resorts failed to protect sensitive personal information in its care from a data breach first brought to light in February 2026.

Want to stay in the loop on class action lawsuits that matter to you? Sign up for ClassAction.org’s free weekly newsletter.

The 55-page data breach lawsuit says that a hacker group called ShinyHunters announced on February 20 that it had stolen from the casino operator more than 800,000 records containing highly sensitive personal information. The suit alleges Wynn Resorts failed to protect, encrypt or redact the information, and that the data was compromised due to the defendant’s “negligent and/or careless acts and omissions.”

Specifically, the complaint claims that Wynn Resorts failed to comply with data security guidelines established by the Federal Trade Commission (FTC), most notably by encrypting sensitive data and deleting the information after it is no longer needed for a given transaction.

Wynn Resorts’ alleged failure to adhere to FTC data security standards, the filing scathes, is particularly egregious because it should have known the value of that information and the damage its misuse can cause, especially given that companies like the defendant are ripe targets for cyberattacks.

Related Reading: Data Breach Class Action Lawsuits

Further, the lawsuit says that Wynn Resorts’ notice sent to potential victims of the data breach lacked key details, including the root cause of the incident, the identity of the perpetrators, and the measures taken to ensure such an incident does not happen again.

The complaint also alleges that the notice did not clarify whether the company attempted to contact affected clients or if it established any sort of channel for proposed class members to report the misuse of their stolen data to Wynn Resorts.

Per the filing, the stolen information included valuable identity credentials—such as names, state IDs and driver’s licenses, Social Security numbers and dates of birth—that can easily be used by criminals to commit identity theft or fraud.

Wynn Resorts acknowledged in an email that an unauthorized party acquired certain employee data records, but that the stolen data was deleted by the unauthorized party. Officials from Wynn Resorts did not state whether the company paid the $1.5 million ransom demand from the suspected cybercriminals, the Review-Journal reported.

The Wynn Resorts class action lawsuit seeks to represent all United States residents whose private information was acquired or accessed by an unauthorized party because of the data breach, including all who were notified of the breach by Wynn Resorts.

Check out ClassAction.org’s lawsuit list for the latest open class action lawsuits and investigations.