OYO Las Vegas Hotel & Casino Hit by Ransomware Attack Exposing Guest Data

Published 2025-10-24 19:07:40 | hoodline.com
Ransomware Data Breach Oyo Las Vegas Lockbit

🎙️ Paranoid Newscast

🎭
Credibility
70%
📊
Risk Score
72%
🎲
Likelihood
8/10
💥
Impact
9/10
🛡️
Priority
4/5
The OYO Las Vegas Hotel & Casino experienced a ransomware attack in January, exposing personal and financial information of approximately 4,700 individuals. The incident is now central to a legal dispute between OYO and its former management company, Highgate Hotels.

The OYO Las Vegas Hotel & Casino was hit by a ransomware attack in January that exposed guest and employee information. The incident, which occurred while the property was managed by Highgate Hotels, has become a key piece of evidence in a broader legal fight between OYO and its former manager. Newly revealed details — including tens of gigabytes of stolen files and thousands of affected people — landed in the public record this month as court documents and state notices were unsealed.

Dark-web monitoring and reporting show the attack occurred between Jan. 8 and Jan. 11, and the LockBit 3.0 ransomware group leaked roughly 30 gigabytes of files, including personal and financial records and casino operations documents, according to BreachSense. Court filings and local reporting say about 4,700 guests, employees and business partners had information compromised, as reported by Las Vegas Review-Journal.

The breach surfaced publicly after it appeared in New York court filings tied to a dispute between OYO and Highgate, the company that managed the hotel at the time. OYO reportedly notified law enforcement on Sept. 18 and affected individuals received letters in October following a notice from the property's operator, according to Action Network.

OYO claims the breach shows "seriously deficient" IT practices by Highgate and has served the manager with a notice of breach and termination — claims that are now central to related lawsuits in New York and Delaware, according to Las Vegas Review-Journal.

The disclosure arrives amid a string of high‑profile cyber incidents targeting casino operators in recent years, and it underscores persistent vulnerabilities in hospitality technology systems. Other operators, including Boyd Gaming, MGM Resorts and Caesars, have reported breaches or disruptions in recent years, putting renewed pressure on regulators and operators to tighten security, as noted by Casino.org.

If you stayed at OYO Las Vegas in January or received a notice, monitor bank and credit‑card statements closely, check your credit reports, change passwords for any accounts tied to hotel reservations, and be alert for phishing attempts. The property's operator sent letters to people who may have been affected on Oct. 9; anyone with questions should follow the guidance in that notice or contact their financial institutions for fraud‑protection options, per Action Network.

Ongoing court filings and state breach notices are likely to produce more details in the weeks ahead, and reporters have asked OYO and the managing companies for comment. OYO did not immediately return requests for comment, Casino.org reported; we will update this story if companies provide additional information.