According to court documents originally published by Crain's New York Business on October 14, 2025, the OYO Hotel & Casino Las Vegas (previously Hooters Hotel & Casino) had a major cyberattack in January 2025. According to reports, 4,700 hotel and casino patrons' personal information was exposed in the ensuing data breach.

The cyberattack came to light during a legal battle between OYO Hotels, which owns properties in Las Vegas, New York, and numerous other cities, and Highgate Hotels, a well-known hotel management company. Highgate filed a lawsuit challenging its sudden firing from the OYO Times Square hotel on August 1, 2025, claiming that the removal violated New York Labor Law Section 860-a, which mandates 90 days' notice for such mass layoffs.

OYO defended its move by pointing to "seriously deficient" IT standards at Highgate, as evidenced by a data breach in Las Vegas that was not covered by the media until the lawsuits were made public. (Vital Vegas claims that although Paragon still runs the casino, OYO also sacked Highgate as its property management in Las Vegas.)

However, six weeks prior to the formal discovery date of the breach, OYO terminated Highgate. It wasn't informed about the incident until September 18, 2025, according to the state of Maine attorney general's office.

This chronology disparity was described by Crain's as "unexplained," implying that OYO might have decided to conceal the occurrence for eight months.

According to Casino.org, the incident was reported by BreachSense.com, a dark web monitoring service, on January 14, 2025. It stated that LockBit 3.0, a well-known ransomware gang, had leaked the compromised OYO Las Vegas data on their dark web page.

According to additional information released on August 15, 2025 by Brinztech.com, another cyber monitoring website, the event resulted in the theft and exposure of 30 terabytes of critical data. According to reports, this included:

• Personal and financial information of hotel and casino patrons
• Internal financial and operational records
• Human resources files containing sensitive employee data
• Proprietary documentation related to casino gaming systems and procedures

OYO did not respond to Casino.org's request for a response right away.