OYO Hotel & Casino Las Vegas experienced a significant cyberattack in early January, according to documents from the Maine Attorney General’s office. The breach, which occurred between Jan. 8 and Jan. 11, compromised the personal information of 4,741 individuals. Located just off the Las Vegas Strip, OYO is owned by OYO Hotels and Highgate Hotels, with Paragon Tropicana, Inc., a subsidiary of Paragon Gaming, operating the casino.
On Jan. 11, OYO was alerted to unusual activity within its shared network environment. An investigation revealed that an unauthorized user may have copied certain information belonging to PTI. The breach was classified as an “external system breach (hacking)” and was not reported until Sept. 18. PTI conducted a comprehensive review to assess the extent of sensitive or personal data impacted, concluding the process eight months later.
This incident is part of a broader trend of cyberattacks targeting Las Vegas casinos. Between August and October 2023, several properties were attacked by an organized threat group known as “Scattered Spider,” “Octo Tempest,” “UNC3944,” or “0ktapus.” Notably, Caesars Entertainment paid $15 million in ransom after extortion threats, while MGM Resorts refused to comply and reportedly suffered a loss of up to $200 million and theft of over 65,000 Social Security numbers. MGM disputed the financial impact, citing an SEC filing that reported losses of approximately $110 million.
These incidents highlight a growing cybersecurity threat facing the hospitality and gaming industries in Las Vegas.