MGM Resorts International

MGM Resorts International Vendor Cyber Rating & Cyber Score

mgmresorts.com

The resorts and casinos of MGM Resorts International™ are some of the most famous in the world. Our 28 destinations are renowned for their winning combination of quality entertainment, luxurious facilities, and exceptional customer service. We are actively expanding our presence globally, with potential developments in a number of domestic and international markets. At MGM Resorts International, we are all striving together to deliver an enticing blend of entertainment to every corner of the world. Many of our resorts are located in Las Vegas. Las Vegas features three of the largest convention centers in the U.S., spectacular entertainment, attractions, shopping, and world-famous resorts. Whether dancing fountains, incredible stage


MRI A.I CyberSecurity Scoring

MRI
Company Information
Website: http://www.mgmresorts.com
Employees number: 26,464
Number of followers: 197,703
NAICS: 7211
Industry Type: Hospitality
Homepage: mgmresorts.com
MRI Risk Score (AI oriented)
Between 0 and 549
MRI
Hospitality
Updated: 20/05/2026
100/1000
Critical
C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

MRI
MRI: Critical
Current Score
100 C (CRITICAL)
Scale: 0 to 1000
14 incidents
-104 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
100 Before Incident
MAY 2026
100 Before Incident
APRIL 2026
100 Before Incident
Breach
16 Apr 2026
MRI
Gastrodat and Chekin: Millions of hotel goers may have been exposed after hackers steal data and leak it on Telegram

Massive Data Leak Exposes Nearly 5 Million Hospitality Guests in Spain and Austria

100 After Incident
CRITICAL 0
CHEGAS1776335039
Security researchers at Cybernews uncovered a major data breach involving Spanish and Austrian hospitality platforms, exposing nearly 5 million users’ personal information. The incident stemmed from an attacker who compromised 527 accounts belonging to hotels and hosts, using them to extract sensitive data via automated Python scripts. The stolen data, totaling 6.5GB, was left unprotected on an open server, allowing researchers to access it. The breach affected platforms like Chekin (a Spain-based automated check-in service) and Gastrodat (an Austrian hotel management software provider), with records pulled from over 170 facilities worldwide. The exposed data includes guest names, email addresses, phone numbers, birth details, ID document numbers, reservation IDs, stay dates, and property addresses. In some cases, internal safety flags and account credentials, including JWT tokens, were also compromised. Gastrodat alone accounted for 361,000 booking records (11.6 million entries), while Chekin exposed 311,400 records, including 253,000 ID document numbers. The attacker used Telegram to forward the stolen data in real time, though the unsecured server ultimately led to its discovery. The scale of the leak highlights vulnerabilities in hospitality sector security, with millions of travelers and guests now at risk of identity theft and fraud.
INCIDENT DETAILS
TYPE
Data Breach
MOTIVATION
Data exfiltration, potential identity theft/fraud
IMPACT
Data Compromised: 6.5GB of personal and reservation data
Systems Affected: Chekin, Gastrodat, and 170+ hospitality facilities
Brand Reputation Impact: High (hospitality sector vulnerability exposed)
Identity Theft Risk: High (ID document numbers, PII exposed)
DATA BREACH
Guest names
Email addresses
Phone numbers
Birth details
ID document numbers
Reservation IDs
Stay dates
Property addresses
Internal safety flags
Account credentials (JWT tokens)
Number Of Records Exposed: Nearly 5 million users
Sensitivity Of Data: High (PII, ID documents, credentials)
Data Exfiltration: Yes (via Telegram in real time)
Personally Identifiable Information: Yes
MARCH 2026
100 Before Incident
FEBRUARY 2026
100 Before Incident
Cyber Attack
23 Feb 2026
MRI
Caesars Entertainment, Oracle, MGM Resorts and Wynn Resorts: Top Las Vegas hotel is the latest ShinyHunters ransomware victim - hackers demand $1.5 million to not leak data

ShinyHunters Claims Breach of Wynn Resorts, Leaks 800K Employee Records

100 After Incident
CRITICAL 0
MGMCAEORAWYN1771962331
The ransomware group ShinyHunters has allegedly breached Wynn Resorts, claiming to have stolen over 800,000 employee records and demanding 23.34 Bitcoin (≈$1.55 million) to delete the data. The group set a deadline of February 23, 2026, for payment, warning that failure to comply would result in the data being leaked on the dark web. A sample of the stolen data, analyzed by The Register, includes full names, emails, phone numbers, job positions, salaries, start dates, birth dates, and other personal details, enough to facilitate phishing attacks, credential theft, and financial fraud. According to a group member, the breach occurred in September 2025 via an Oracle PeopleSoft vulnerability, exploiting compromised employee credentials. Wynn Resorts has not yet responded to the claims or media inquiries. ShinyHunters has been highly active in recent months, targeting organizations through vishing scams and exploiting identity management systems like Okta. This incident follows high-profile attacks on Caesars Entertainment and MGM Resorts in September 2023, reinforcing concerns over cybersecurity vulnerabilities in the hospitality and gaming sectors.
INCIDENT DETAILS
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: 800,000 employee records
Identity Theft Risk: High
DATA BREACH
Full names
Emails
Phone numbers
Job positions
Salaries
Start dates
Birth dates
Other personal details
Number Of Records Exposed: 800,000
Sensitivity Of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
JANUARY 2026
100 Before Incident
DECEMBER 2025
171 Before Incident
Ransomware
11 Dec 2025
MRI
UnitedHealth, Ticketmaster, MGM Resorts, Ripple, Snowflake, Google, Allianz, Equifax, Maersk, Toyota, Merck and Oracle: 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics

Global Cybercrime Surge and Major Incidents (2024-2025)

100 After Incident
CRITICAL -71
MEREQUUNIMAEMGMGOOTOYSNOALLORARIPTIC1775528897
Cybercrime in 2025: A Global Threat Surpassing National Economies

Cybercrime continues to escalate into one of the world’s most lucrative illicit industries, with damages projected to reach $10.5 trillion USD globally in 2025, a figure that, if measured as a country, would rank as the third-largest economy after the U.S. and China. This staggering growth, driven by increasingly sophisticated attacks, underscores the evolving threat landscape as cybercriminals target businesses, governments, and individuals with alarming efficiency.

### The Cybercrime Epidemic: Key Trends
- Underreporting Persists: Despite improved reporting practices, less than 25% of global cybercrimes are reported to law enforcement, leaving vast swaths of criminal activity unaddressed.
- Youth-Driven Threats: The FBI reports that cybercriminals are getting younger, with the average age of arrested offenders dropping, a trend that complicates traditional law enforcement approaches.
- Hotspots Identified: A 2024 World Cybercrime Index ranked Russia, Ukraine, China, the U.S., Nigeria, and Romania as the top sources of cybercrime, highlighting concentrated hubs of malicious activity.

### Ransomware: A Pervasive Threat
Ransomware remains a dominant force, with attacks increasing 9% year-over-year in 2024. The most active groups (Akira, LockBit, RansomHub, FOG, and PLAY) targeted critical infrastructure, with 88% of small-to-midsized businesses (SMBs) and 39% of large enterprises experiencing breaches. The financial toll is staggering:
- $20 billion USD in 2021 (up from $325 million in 2015).
- Projected to exceed $265 billion by 2031, with attacks occurring every 2 seconds by 2031.

High-profile incidents in 2024–2025 include:
- UnitedHealth’s $1.6 billion loss after a ransomware attack disrupted U.S. healthcare payments.
- CDK Global’s auto dealership shutdowns, forcing businesses offline for days after a ransom demand in the tens of millions.
- MGM Resorts’ $100 million hit from a 2023 attack that crippled casino operations.

### Cryptocurrency Crime: A Booming Black Market
Cryptocurrency-related crimes surged, with $28 billion in illicit funds flowing into exchanges over two years. Key developments:
- Ripple co-founder Chris Larsen lost $112.5 million in a 2024 hack, one of the largest individual crypto thefts.
- Huione, a Cambodian marketplace, processed $70 billion in suspicious transactions since 2021, facilitating scams, fraud, and sanctioned activities.
- North Korea’s Lazarus Group was linked to the $625 million Axie Infinity hack (2022), the largest crypto theft to date.

### Major Breaches and Supply-Chain Attacks
2024–2025 saw a wave of supply-chain and cloud-based attacks, exposing vulnerabilities in interconnected systems:
- Snowflake Breach: Hackers exploited stolen credentials to access 560 million Ticketmaster records and Live Nation data, prompting a federal investigation.
- Salesforce Exploits: The ShinyHunters gang breached dozens of companies, including Google, Allianz, and Toyota, by targeting cloud databases.
- MOVEit Hack: The Clop ransomware group compromised 2,600+ organizations, including U.S. government agencies and global corporations.
- Oracle Cloud Attack: Over 100 companies were affected by a campaign targeting Oracle’s business software, with damages still being tallied.

### Historic Cyberattacks: Lessons from the Past
The report highlights landmark cyber incidents that reshaped security paradigms:
- Equifax (2017): 147 million records exposed, including Social Security numbers, due to an unpatched vulnerability.
- NotPetya (2017): A $10 billion attack originating in Ukraine, crippling Maersk, Merck, and global supply chains.
- WannaCry (2017): Infected 200,000 systems across 150 countries, demanding Bitcoin ransoms.
- Stuxnet (2010): A U.S.-Israeli cyberweapon that sabotaged Iran’s nuclear centrifuges.
- Heartbleed (2014): A catastrophic OpenSSL flaw that exposed 500,000 servers to data theft.

### The Future of Cybersecurity
While AI-driven defenses have reduced breach containment times to 241 days (the lowest in nine years), the same technologies are being weaponized by attackers. With 60% of global data now stored in the cloud and 6 billion internet users by 2025, the attack surface continues to expand. Small businesses remain particularly vulnerable: 60% fold within six months of a cyberattack. As cybercrime evolves, the economic and operational risks demand heightened vigilance, though the battle against digital threats shows no signs of slowing.
INCIDENT DETAILS
TYPE
Ransomware
Data Breach
Supply-Chain Attack
Cryptocurrency Crime
MOTIVATION
Financial gain
Data exfiltration
Disruption of critical infrastructure
Espionage
IMPACT
Financial Loss: $10.5 trillion (projected global damages in 2025)
560 million Ticketmaster records
Live Nation data
147 million Equifax records
200,000 systems (WannaCry)
500,000 servers (Heartbleed)
Healthcare payments (UnitedHealth)
Auto dealerships (CDK Global)
Casino operations (MGM Resorts)
2,600+ organizations (MOVEit)
100+ companies (Oracle Cloud)
Days (CDK Global)
Extended (MGM Resorts)
Disrupted U.S. healthcare payments
Forced businesses offline
Crippled casino operations
Global supply chain disruptions
$1.6 billion (UnitedHealth)
$100 million (MGM Resorts)
Tens of millions (CDK Global)
High (Equifax, Ticketmaster, Live Nation)
Federal investigations (Snowflake breach)
Fines (Equifax)
High (Equifax, Ticketmaster)
High (Ticketmaster, Live Nation)
DATA BREACH
Personally Identifiable Information (PII)
Payment information
Healthcare data
Corporate data
560 million (Ticketmaster)
147 million (Equifax)
200,000 systems (WannaCry)
High (PII, payment info, healthcare data)
Yes (Snowflake, ShinyHunters, Clop)
Yes (Ransomware attacks)
Social Security numbers (Equifax)
Customer records (Ticketmaster, Live Nation)
NOVEMBER 2025
165 Before Incident
OCTOBER 2025
148 Before Incident
SEPTEMBER 2025
130 Before Incident
AUGUST 2025
404 Before Incident
Ransomware
06 Aug 2025
MRI
MGM Resorts

Scattered Spider Cyber Attacks

100 After Incident
CRITICAL -304
MGM301080925
Scattered Spider executed a sophisticated cyberattack on MGM Resorts, leveraging advanced social engineering and hypervisor-level ransomware tactics. The attack resulted in operational disruptions, financial losses exceeding $100 million, and significant reputational damage. The group exploited VMware vSphere environments, deployed DragonForce ransomware, and maintained persistent access despite active incident response efforts.
INCIDENT DETAILS
TYPE
Cyber Attack, Ransomware, Social Engineering
MOTIVATION
Financial Gain
IMPACT
Financial Loss: $100 million (MGM Resorts attack)
Systems Affected: VMware vSphere, ESXi environments, Cloud storage environments
Operational Impact: Significant operational disruption
DATA BREACH
Data Exfiltration: Yes
Data Encryption: Yes
JULY 2025
417 Before Incident
Cyber Attack
24 Jul 2025
MRI
MGM Resorts

FBI Warning on Cybercriminal Organization 'The Com'

400 After Incident
CRITICAL -17
MGM344072525
MGM Resorts has been the target of high-profile cyberattacks by a subgroup of The Com known as Scattered Spider. These attacks have led to significant data breaches, compromising sensitive customer information and causing financial losses. The group's sophisticated methods and diverse criminal activities, including ransomware, extortion, and cryptocurrency theft, have caused widespread concern in the retail, insurance, and airline industries.
INCIDENT DETAILS
TYPE
Cybercriminal Activity
MOTIVATION
Financial Gain
Retaliation
Ideology
Sexual Gratification
Notoriety
JULY 2025
434 Before Incident
Cyber Attack
02 Jul 2025
MRI
Hawaiian Airlines, Qantas and MGM Resorts: Qantas Hit By Major Cyber-Attack, Exposing Data of Up To 6 Million Customers

Qantas Suffers Major Data Breach Affecting Up to 6 Million Customers

410 After Incident
CRITICAL -24
HAWQANMGM1771230438
Qantas, Australia’s largest airline, has confirmed a cyberattack that compromised the personal data of up to six million customers through a third-party call center platform. The breach was detected on Monday, with threat actors gaining unauthorized access to customer service records. The stolen data may include names, email addresses, phone numbers, birth dates, and frequent flyer numbers. Qantas has assured customers that no financial information, credit card details, or login credentials were exposed. The airline has contained the incident, stating that its internal systems remain secure, and has set up a dedicated support line for affected individuals. Qantas Group CEO Vanessa Hudson apologized, emphasizing the company’s commitment to customer trust and support. The breach follows a series of controversies for the airline, including pandemic-related operational issues and opposition to Qatar Airways’ expansion plans. Authorities, including the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and the Australian Federal Police, have been notified. Independent cybersecurity experts are investigating the incident.

Potential Link to Scattered Spider

While the attackers’ identity remains unconfirmed, the tactics used align with those of the Scattered Spider ransomware group, which has recently targeted airlines and retailers in the U.S. and U.K. The FBI has warned about the group’s use of social engineering, such as phishing, SIM swapping, and help desk impersonation, to bypass multi-factor authentication and steal sensitive data. Scattered Spider, also known as UNC3944, is a sophisticated cybercriminal collective believed to consist of young adults in the U.S. and U.K. The group has been linked to high-profile attacks on MGM Resorts, Caesars Entertainment, and Snowflake customers, often partnering with ransomware-as-a-service (RaaS) providers like ALPHV. Their recent focus on aviation includes breaches at Hawaiian Airlines and WestJet, where they exploited self-service password reset tools.

Rising Cyber Threats in Australia

The Qantas breach adds to a surge in cyber incidents across Australia. The Office of the Australian Information Commissioner reported a 25% year-on-year increase in data breaches, with 1,113 incidents in the last fiscal year, up from 893 in 2023. The health sector was the most targeted, followed by government, finance, and retail. 69% of breaches were attributed to malicious or criminal activity, with phishing and ransomware as the primary methods. Scattered Spider’s evolution from telecom attacks to critical infrastructure and high-profile extortion highlights the growing sophistication of cybercriminal groups. Their use of legitimate remote-access tools and cloud platforms underscores the challenges organizations face in defending against such threats.
INCIDENT DETAILS
TYPE
Data Breach
MOTIVATION
Data exfiltration, potential extortion
IMPACT
Data Compromised: Personal data of up to 6 million customers
Systems Affected: Third-party call center platform
Brand Reputation Impact: Significant
Identity Theft Risk: High
Payment Information Risk: None
DATA BREACH
Names
Email addresses
Phone numbers
Birth dates
Frequent flyer numbers
Number Of Records Exposed: Up to 6 million
Sensitivity Of Data: Moderate (no financial or login credentials exposed)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
JUNE 2025
562 Before Incident
Ransomware
06 Jun 2025
MRI
MGM Resorts

SCATTERED SPIDER Cyber Attack

427 After Incident
CRITICAL -135
MGM611060625
The cybercriminal group SCATTERED SPIDER executed a sophisticated phone-based social engineering attack on MGM Resorts, leading to widespread IT disruption across its casinos and hotels. The attackers, using their linguistic and cultural fluency, impersonated legitimate employees to bypass multi-factor authentication and gain initial access. This attack caused significant operational disruptions, affecting critical sectors including hospitality, and demonstrated the vulnerability of well-defended organizations to human-centric intrusion strategies.
INCIDENT DETAILS
TYPE
Social Engineering, Ransomware
MOTIVATION
Financial
IMPACT
Okta
Active Directory
Azure AD
Operational Impact: Widespread IT Disruption
JUNE 2024
517 Before Incident
Cyber Attack
01 Jun 2024
MRI
MGM Resorts: British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme

British Hacker Pleads Guilty in $8M Cryptocurrency Theft Scheme Linked to 'Scattered Spider' Collective

493 After Incident
CRITICAL -24
MGM1776687917
A 24-year-old British hacker, Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty in U.S. federal court to conspiracy to commit wire fraud and aggravated identity theft for his role in a cybercrime campaign that stole at least $8 million in cryptocurrency. Buchanan, identified as a suspected leader of the hacking collective Scattered Spider, was arrested in June 2024 at Palma Airport in Spain while attempting to travel to Italy. Scattered Spider operates as a decentralized group, distinguishing itself from traditional cybercrime organizations by consisting largely of native English speakers, which enhances its social engineering capabilities. Buchanan was among five defendants charged in November 2024 with orchestrating phishing campaigns that compromised employee credentials, enabling data theft and financial fraud. The group targeted high-profile victims, including MGM Resorts, Coinbase, Twilio, Mailchimp, and LastPass, as well as at least a dozen other companies across telecommunications, technology, and cryptocurrency sectors. Their tactics involved smishing: sending fraudulent SMS messages impersonating legitimate entities to trick employees into entering login details on spoofed websites. Stolen credentials were then used to infiltrate corporate systems and access sensitive data, including virtual currency accounts. Prosecutors revealed that the conspirators shared stolen credentials via online messaging platforms, coordinating intrusions that extended to individual victims. Some attacks involved the theft of cryptocurrency seed phrases and account details recovered from seized devices. Buchanan has been in U.S. custody since April 2025 and faces up to 22 years in prison. One co-defendant, Noah Michael Urban, is already serving a 10-year sentence after pleading guilty in April 2024. The remaining three alleged conspirators, Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans, remain awaiting trial.
INCIDENT DETAILS
TYPE
Cryptocurrency Theft, Phishing, Identity Theft
MOTIVATION
Financial gain
IMPACT
Financial Loss: $8 million
Data Compromised: Employee credentials, cryptocurrency seed phrases, virtual currency account details
Systems Affected: Corporate systems, cryptocurrency accounts
Identity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Employee credentials, cryptocurrency seed phrases, virtual currency account details
Sensitivity Of Data: High (PII, financial data)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
SEPTEMBER 2023
471 Before Incident
Cyber Attack
01 Sep 2023
MRI
MGM Resorts International

Social Engineering Attack on Caesars Entertainment

454 After Incident
HIGH -17
MGM85317923
Caesars Entertainment revealed in an SEC filing that the company had been the victim of a social engineering attack on an outsourced IT support vendor used by the company. The website and smartphone apps for the corporation have been down for almost a week. Weeks before the attack on MGM Resorts, Caesars was attacked. The attack severely disrupted MGM's operations, making check-in for visitors a lengthy process and rendering electronic payments, digital key cards, slot machines, ATMs, and paid parking systems useless. Known ransomware-as-a-service organizations seem to have targeted both businesses. ALPHV.
INCIDENT DETAILS
TYPE
Social Engineering
MOTIVATION
Financial Gain
Operational Disruption
IMPACT
Website
Smartphone Apps
Electronic Payments
Digital Key Cards
Slot Machines
ATMs
Paid Parking Systems
Downtime: Almost a week
Lengthy check-in process
Disruption of electronic payments
Disruption of digital key cards
Disruption of slot machines
Disruption of ATMs
Disruption of paid parking systems
JUNE 2023
586 Before Incident
Ransomware
16 Jun 2023
MRI
MGM Resorts International

2025 Global Data Breach Cost Trends and Insights

452 After Incident
CRITICAL -134
MGM3262132110325
In 2023–2024, MGM Resorts suffered a catastrophic cyber attack attributed to the Scattered Spider hacking group (affiliated with ALPHV/BlackCat ransomware). The breach began with a social engineering attack targeting an employee via LinkedIn, leading to credential theft and unauthorized access to MGM’s IT systems. The attackers encrypted over 100 ESXi hypervisors, disrupting operations across multiple properties, including slot machines, hotel reservations, and digital key systems. The outage lasted 10 days, causing $100M+ in losses from downtime, recovery, and reputational damage. While MGM refused to pay the ransom, the incident triggered class-action lawsuits, regulatory scrutiny, and long-term customer churn. The attack exposed vulnerabilities in identity management and third-party access controls, aligning with 2025 trends where credential theft and phishing-resistant MFA gaps dominate high-impact breaches. The financial and operational fallout underscored the existential threat posed by ransomware to large enterprises, particularly in hospitality and gaming sectors.
INCIDENT DETAILS
TYPE
Data Breach
Ransomware
Regulatory Non-Compliance
MOTIVATION
Financial Gain
Data Exfiltration
Extortion
IMPACT
Global Avg: 4.44 million USD
US Avg: 10.22 million USD
Healthcare Avg: 7.42 million USD
Per Record Cost: 130–230 USD (planning band)
Example Estimate: 35.55 million USD (200k records)
Avg Trend: Low 200s of days (identification + containment)
Example: 30 hours (partial downtime at $25k/hour)
Outages
Slowdowns During Containment/Restore
Compliance Program Upgrades
Downtime ($0.75M in example)
Customer Churn
Higher Customer Acquisition Costs (CAC)
Trust Erosion
Higher Cost to Win Back Trust
Class Actions (e.g., MGM, T-Mobile cases)
Regulatory Fines
SEC Disclosure Costs
High (Per-Record Costs Escalate with PII Exposure)
DATA BREACH
Customer Records
PII
High-Value Target Data
Number Of Records Exposed: Example: 200,000
High (Healthcare/Financial)
Moderate (Retail/Tech)
JUNE 2022
567 Before Incident
Cyber Attack
16 Jun 2022
MRI
MGM Resorts International

AI-Powered Cyberattacks Targeting Las Vegas Businesses, Including MGM Resorts and Caesars Entertainment

531 After Incident
CRITICAL -36
MGM0062100092525
In 2022, MGM Resorts International suffered a major cyber attack orchestrated by a 17-year-old hacker from Illinois, exploiting AI-driven social engineering and advanced hacking techniques. The breach caused an estimated $200 million in damages, disrupting operations, compromising customer and employee data, and severely impacting the company’s reputation. The attack led to system outages, financial losses, and potential long-term trust erosion among clients. The hacker leveraged AI tools to bypass security protocols, demonstrating how emerging technologies enable even inexperienced criminals to execute high-impact cyberattacks. The incident also highlighted vulnerabilities in Las Vegas’s casino industry, a prime target due to the vast amounts of personal and financial data collected. The case remains under legal review, with authorities debating whether to prosecute the minor as an adult, underscoring the escalating sophistication and audacity of cyber threats in critical sectors like hospitality and gaming.
INCIDENT DETAILS
TYPE
cyber espionage
social engineering
data breach
ransomware (implied)
AI-powered attacks
MOTIVATION
financial gain
cyber espionage
data theft for black market sales
disruption of U.S. businesses
IMPACT
Financial Loss: $200 million (MGM Resorts alone)
personal information
potentially payment data
employee/customer records
Operational Impact: Significant (e.g., MGM Resorts disruption)
Revenue Loss: $200 million (MGM Resorts)
Brand Reputation Impact: High (MGM and Caesars breaches publicly disclosed, unnamed breaches in insurance, healthcare, education, and manufacturing)
Legal Liabilities: Ongoing (17-year-old hacker facing juvenile/adult court proceedings)
Identity Theft Risk: High (personal data sold on black market)
Payment Information Risk: Likely (given targeting of casinos and businesses with financial data)
DATA BREACH
personal information
potentially financial data
employee records
Sensitivity Of Data: High (personal data sold on black market)
Data Exfiltration: Likely (data sold on dark web implied)
Personally Identifiable Information: Yes (voice recordings, videos, personal details)
MAY 2022
617 Before Incident
Breach
01 May 2022
MRI
BetMGM, LLC

BetMGM Data Breach

560 After Incident
HIGH -57
MGM851072625
The Maine Office of the Attorney General reported a data breach involving BetMGM, LLC on December 21, 2022. The breach occurred between May 21 and May 23, 2022, potentially affecting 459 residents, with compromised information including Social Security numbers. An investigation began following the company discovering the issue on November 28, 2022, and identity theft protection services were offered.
INCIDENT DETAILS
TYPE
Data Breach
IMPACT
Social Security numbers
Identity Theft Risk: High
DATA BREACH
Social Security numbers
Sensitivity Of Data: High
Personally Identifiable Information: Social Security numbers
SEPTEMBER 2021
667 Before Incident
Breach
01 Sep 2021
MRI
MailChimp, Caesars, Riot Games and MGM Resorts: British Scattered Spider hacker pleads guilty to crypto theft charges

Scattered Spider Leader Pleads Guilty in $8M Cryptocurrency Heist

589 After Incident
CRITICAL -78
MGMMAIRIOCAE1776695654
A 24-year-old British national, Tyler Robert Buchanan, alleged leader of the cybercrime group Scattered Spider, has pleaded guilty in the U.S. to charges of wire fraud and aggravated identity theft. Prosecutors accuse Buchanan and four co-conspirators of stealing at least $8 million in cryptocurrency between September 2021 and April 2023 through a series of SMS phishing (smishing) attacks targeting employees at over a dozen companies. The victims spanned multiple industries, including entertainment, telecommunications, IT, cloud communications, and cryptocurrency services. The group used fraudulent text messages impersonating legitimate IT or business process outsourcing (BPO) suppliers, directing victims to fake login pages to harvest credentials. With stolen access, they executed SIM swap attacks, hijacking phone numbers and cryptocurrency wallets to siphon funds. Buchanan was arrested in June 2024 in Palma de Mallorca, Spain, and has been in U.S. custody since April 2025. He faces a maximum sentence of 22 years and is scheduled for sentencing on August 21, 2026. Three accomplices (Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans) were charged in November 2024 with similar offenses, carrying potential 20-year prison terms. A fourth member, Noah Michael Urban (aka Sosa/Elijah), was sentenced to 10 years in 2024 after pleading guilty to related charges. Scattered Spider, also known as 0ktapus, UNC3944, and Octo Tempest, is a loosely organized, English-speaking collective of young hackers (some as young as 16) that operates via Telegram, Discord, and hacker forums. The group employs social engineering, MFA bombing, and SIM swapping to breach corporate networks. Since 2023, they have collaborated with Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub. Notable attacks linked to Scattered Spider include breaches at MGM Resorts, Caesars, Riot Games, MailChimp, Twilio, DoorDash, and Reddit. In July 2024, UK authorities arrested a 17-year-old suspect tied to the 2023 MGM ransomware attack, further underscoring the group’s role in high-profile cybercrime.
INCIDENT DETAILS
TYPE
wire fraud
aggravated identity theft
SIM swap attacks
smishing
MOTIVATION
financial gain
IMPACT
Financial Loss: $8 million
Identity Theft Risk: high
DATA BREACH
credentials
cryptocurrency wallet access
Sensitivity Of Data: high
Personally Identifiable Information: yes
JULY 2019
802 Before Incident
Ransomware
01 Jul 2019
MRI
MGM Resorts International: Canadians could get up to $20,000 in multimillion-dollar settlement

MGM Resorts Data Breaches Lead to $4M Canadian Class-Action Settlement

591 After Incident
CRITICAL -211
MGM1776443945
A proposed $4 million class-action settlement has been certified by the Supreme Court of British Columbia for Canadians affected by two major data breaches at MGM Resorts International. The incidents, occurring in July 2019 and September 2023, exposed sensitive personal information of millions of guests. The 2019 breach compromised names, addresses, and passport numbers, while the 2023 ransomware attack also exposed driver’s license numbers, military IDs, and Social Security numbers. U.S. court filings indicate over 37 million customers were impacted across both incidents. MGM Resorts has denied liability, stating the settlement was reached to avoid prolonged litigation. Eligibility extends to Canadians (excluding Quebec) whose data was exposed in the 2019 breach. Quebec residents may pursue compensation through separate class actions in the province, both pending court approval. Under the proposed settlement, funds will cover:
- Credit monitoring (one year) with up to $1 million in fraud/identity theft insurance.
- Substantiated losses (up to $20,000 per claim).
- Unsubstantiated losses ($150 for one incident, $300 for both).

Payouts may be adjusted based on claim volume, with maximums of $500 (one incident) or $1,000 (both incidents). The settlement approval hearing is scheduled for May 25, with an opt-out deadline of May 19. Affected individuals are automatically included unless they choose to exclude themselves.
INCIDENT DETAILS
TYPE
Data Breach
Ransomware
IMPACT
Financial Loss: $4,000,000 (settlement amount)
Data Compromised: Names, addresses, passport numbers, driver’s license numbers, military IDs, Social Security numbers
Legal Liabilities: Class-action settlement
Identity Theft Risk: High
DATA BREACH
Personally Identifiable Information (PII)
Passport numbers
Driver’s license numbers
Military IDs
Social Security numbers
Number Of Records Exposed: Over 37 million (across both incidents)
Sensitivity Of Data: High
Personally Identifiable Information: Yes

Frequently Asked Questions

What is the current A.I Rankiteo Cyber Score for MRI?
What was MRI's A.I Rankiteo Cyber Score in May 2026?
What was MRI's A.I Rankiteo Cyber Score in April 2026?
What was MRI's A.I Rankiteo Cyber Score in March 2026?
What was MRI's A.I Rankiteo Cyber Score in February 2026?
What was MRI's A.I Rankiteo Cyber Score in January 2026?
What was MRI's A.I Rankiteo Cyber Score in December 2025?
What was MRI's A.I Rankiteo Cyber Score in November 2025?
What was MRI's A.I Rankiteo Cyber Score in October 2025?
What was MRI's A.I Rankiteo Cyber Score in September 2025?
What was MRI's A.I Rankiteo Cyber Score in August 2025?
What was MRI's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on MRI's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with MRI?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view MRI's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?