Wynn Resorts is facing mounting legal trouble in the wake of its recent cybersecurity incident, as a wave of class action lawsuits moves through federal court. The company maintains the situation is under control, but plaintiffs argue the fallout is far more serious.
Wynn previously told ReadWrite that “an unauthorized third party acquired certain employee data” and that, while it brought in outside cybersecurity experts to investigate, the incident “has had no impact on our guest experience, our operations or our physical properties, which are all fully operational and open for business.”
In court filings, however, plaintiffs describe what they say is a sweeping failure to protect highly sensitive personal information. They contend the breach has exposed workers and others to long-term risks of identity theft and financial fraud.
Early lawsuits against Wynn Resorts outline scope of alleged breach
The first of the federal complaints, Reed v. Wynn Resorts Limited, frames the case as a failure to secure personal data that customers and employees were required to provide. It states that Wynn had a duty to safeguard names and Social Security numbers but did not take reasonable steps to do so.
The Reed complaint also takes issue with Wynn’s breach notification. It says: “Omitted from the Notice Letter were the identity of the cybercriminals who perpetrated this Data Breach, the details of the root cause of the Data Breach, the vulnerabilities exploited, and the remedial measures undertaken to ensure such a breach does not occur again.”
Another lawsuit, Li v. Wynn Resorts Holdings, LLC, similarly alleges that “the notorious ransomware group ShinyHunters gained unauthorized access to Defendant’s IT Network.” That filing contends Wynn failed to properly secure and safeguard personal information including names, Social Security numbers, and employment details.
Livingston complaint details scope and notice issues
In Livingston v. Wynn Resorts Holdings, LLC, Donyil Livingston expands on the alleged failures. The complaint suggests that Wynn “failed to carry out its duty to safeguard sensitive Private Information and provide adequate data security.”
It also alleges that Wynn has “failed to disclose crucial details, including: (i) the exact beginning and end date of the Data Breach (ii) the date(s) of Wynn’s investigation; (iii) an explanation as to why Wynn allowed the Data Breach to occur, (iv) the root cause of the Data Breach, (v) the vulnerabilities exploited, (vi) the remedial measures undertaken to ensure such a breach does not occur again…”
According to Livingston, plaintiffs now face long-term consequences as a result of the exposure of their data.
Gebo complaint stresses ongoing harm
In a separate case, Gebo v. Wynn Resorts Limited et al., the plaintiff, Cheryl Gebo, claims that Wynn’s security measures were inadequate even before the breach. The complaint states that “Wynn failed to invest the resources necessary to protect the Private Information of Plaintiff and Class members.”
Like Li’s complaint, the filing is limited to employment-related data. It refers to “current, former, and prospective Wynn employees” and focuses on employment-related information like positions, salaries, start dates, and Social Security numbers. It does not frame the class as customers or guests.
It goes on to argue that “Due to Wynn’s flawed security measures and Wynn’s incompetent response to the Data Breach, Plaintiff and Class members now face a present, substantial, and imminent risk of fraud and identity theft and must deal with that threat forever.”
The Gebo filing also stresses the broader value of the compromised data, stating plainly: “PII is a valuable property right.”
Across the complaints, plaintiffs argue that Wynn had legal and equitable duties to safeguard the personal information it collected and stored. They seek damages, injunctive relief, and other remedies on behalf of proposed classes that could include hundreds of thousands of individuals.
Wynn has previously told us that it would not provide comment on ongoing legal actions.
Featured image: Ken Lund via WikiCommons / CC BY-SA 2.0
