OYO hotel-casino hit by cyberattack in January | Casinos & Gaming

An off-Strip casino-hotel was the goal of a cyberattack earlier this yr, a revelation made public in courtroom filings due to a lawsuit in New York involving two events related to the Las Vegas property.

OYO Las Vegas hotel-casino suffered a digital breach someday between Jan. 8 and Jan. 11, allegedly exposing delicate information of about 4,700 visitors, workers and enterprise companions.

OYO Hotels, the India-based hospitality firm that owns the Las Vegas hotel-casino, and Highgate Hotels Inc., a New York-based resort administration agency, are presently engaged in a number of authorized disputes over alleged contract violations, together with one in New York and one other in Delaware, involving a number of properties.

Neither firm nor the attorneys listed in courtroom filings responded to requests for remark from the Las Vegas Review-Journal.

According to courtroom filings, the Las Vegas hotel-casino cyberattack was a “data privacy matter” that occurred underneath Highgate’s administration. OYO accuses the resort operator of “clear negligence” and “failure to assume responsibility” for the assault. The firm has since served Highgate with a discover of breach and termination, citing “material and irreparable” violations of its administration settlement and “significant financial underperformance” on the property, which sits throughout Tropicana Avenue from MGM Grand.

The Las Vegas incident surfaced publicly after Highgate filed go well with over its dismissal from the OYO Times Square resort in New York, claiming its August 2025 termination violated state labor legal guidelines requiring 90 days’ discover for sure layoffs. OYO, in its protection, pointed to the Las Vegas cyberattack as proof of “seriously deficient” IT practices.

According to data published by the Maine attorney general’s office, OYO didn’t formally report the breach till Sept. 18, eight months after cybersecurity website BreachSense.com stated the ransomware group LockBit 3.0 leaked 30 gigabytes of firm information on the darkish net. The compromised info allegedly included private and monetary information, inner monetary statements and on line casino operations paperwork.

An Oct. 9 letter from Paragon Tropicana Inc., a subsidiary of OYO Las Vegas’ on line casino operator Paragon Gaming, was despatched to probably affected victims of the digital breach.

Five days later, Crain’s New York Business first reported on the Las Vegas hotel-casino cyberattack whereas overlaying the labor dispute in New York City. The disclosure got here from a letter penned by an OYO government to Highgate officers justifying the tried termination of the Las Vegas working settlement, which was submitted as proof within the New York case.

Las Vegas casinos have been targets of cyberattacks in recent times.

This yr Las Vegas-based Boyd Gaming Corp. was the sufferer of a cyberattack the place an third social gathering accessed the corporate’s inner info know-how system, in accordance with a public submitting with the U.S. Securities and Exchange Commission.The on line casino firm stated the cyberattack “has had no impact on the company’s properties or business operations.”

In September 2023, MGM Resorts International suffered a systemwide outage attributable to a ransomware group generally known as Scattered Spider, which disrupted resort operations, slot machines and digital room keys throughout a number of properties. Caesars Entertainment disclosed the same breach the identical month, reportedly paying a multimillion-dollar ransom to stop stolen buyer information from being launched on-line.

Contact David Danzis at ddanzis@reviewjournal.com or 702-383-0378. Follow @AC2Vegas_Danzis on X.