Another Las Vegas Casino Suffered Major Cyberattack — Back in January
Posted on: October 18, 2025, 07:05h.
Last updated on: October 19, 2025, 06:47h.
The OYO Hotel & Casino Las Vegas (formerly Hooters Hotel & Casino) suffered a significant cyberattack in January 2025, according to court filings first reported byCrain’s New York Business on October 14, 2025. The resulting data breach reportedly compromised the personal information of 4,700 casino and hotel guests and employees.
The cyber attack surfaced in a legal dispute between Highgate Hotels, a prominent hotel management firm, and OYO Hotels, which owns properties in Las Vegas and New York, among many other cities. Highgate filed suit contesting its abrupt termination from the OYO Times Square hotel, arguing that its August 1, 2025 dismissal violated New York Labor Law Section 860-a, which requires 90 days’ notice for certain mass layoffs.
OYO defended its action by citing “seriously deficient” IT practices at Highgate, as demonstrated by a Las Vegas data breach that went unreported by mainstream news outlets until the legal filings surfaced. (OYO also fired Highgate as its Las Vegas property manager, though Paragon continues to operate the casino,according toVital Vegas.)
However, OYO’s termination of Highgate came six weeks before the breach’s official discovery date. As recorded bythe state of Maine attorney general’s office, it wasn’t notified of the incident until September 18, 2025.
Crain’s characterized this timeline discrepancy as “unexplained,” suggesting that OYO may have chosen to keep the incident under wraps for eight months.
As determined byCasino.org, BreachSense.com, a dark web monitoring service, publishedthis report of the incident on January 14, 2025, fingering LockBit 3.0, a notorious ransomware group that it claimed leaked the compromised OYO Las Vegas data on its dark web portal.
Further details published on August 15, 2025 by another cyber monitoring site,Brinztech.com, claimed that 30 gigabytes of sensitive data was stolen and exposed in the incident. This reportedly included:
- Personal and financial information of hotel and casino patrons
- Internal financial and operational records
- Human resources files containing sensitive employee data
- Proprietary documentation related to casino gaming systems and procedures
OYO did not immediately returnCasino.org‘s request for a response.
Most Popular
Last Comment ( 1 )
Write a commentCancel reply
- DavidOctober 19, 2025
No mention of the casino operator. So who is at fault for the casino data? Total dangerous sh*thole