\n Posted on: October 18, 2025, 07:05h.\u00a0\n <\/p>\n
\n Last updated on: October 18, 2025, 07:52h.\n <\/p>\n
![\"Avatar](\"https:\/\/www.casino.org\/news\/wp-content\/uploads\/2023\/03\/cropped-3-3-50x50.png\")
<\/div>\n<\/p><\/div>\n<\/p><\/div>\nThe OYO Hotel & Casino Las Vegas (formerly Hooters Hotel & Casino) suffered a significant cyberattack in January 2025, according to court filings first reported by Crain\u2019s New York Business<\/a><\/em> on October 14, 2025. The resulting data breach reportedly compromised the personal information of 4,700 casino and hotel guests and employees.<\/p>\n The cyber attack surfaced in a legal dispute between Highgate Hotels, a prominent hotel management firm, and OYO Hotels, which owns properties in Las Vegas and New York, among many other cities. Highgate filed suit contesting its abrupt termination from the OYO Times Square hotel, arguing that its August 1, 2025 dismissal violated New York Labor Law Section 860-a, which requires 90 days\u2019 notice for certain mass layoffs.<\/p>\n OYO defended its action by citing \u201cseriously deficient\u201d IT practices at Highgate, as demonstrated by a Las Vegas data breach that went unreported by mainstream news outlets until the legal filings surfaced. (OYO also fired Highgate as its Las Vegas property manager.)<\/p>\n However, OYO\u2019s termination of Highgate came six weeks before the breach\u2019s official discovery date. As recorded by the state of Maine attorney general\u2019s office,<\/a> it wasn\u2019t notified of the incident until September 18, 2025.<\/p>\n Crain\u2019s<\/em> characterized this timeline discrepancy as \u201cunexplained,\u201d suggesting that OYO may have chosen to keep the incident under wraps for eight months.<\/p>\n As determined by Casino.org,<\/em> BreachSense.com, a dark web monitoring service, published this report<\/a> of the incident on January 14, 2025, fingering LockBit 3.0, a notorious ransomware group that it claimed leaked the compromised OYO Las Vegas data on its dark web portal.<\/p>\n Further details published on August 15, 2025 by another cyber monitoring site, Brinztech.com<\/a>, claimed that 30 gigabytes of sensitive data was stolen and exposed in the incident. This reportedly included:<\/p>\n![\"\"](\"https:\/\/www.casino.org\/news\/wp-content\/uploads\/2025\/10\/oyo-cyberattack-858x626.jpg\")
\n