Boyd Gaming suffered a cyberattack where hackers infiltrated its IT systems, compromising sensitive data of **current and former employees** as well as **a limited number of customers**. The breach led to **five class-action lawsuits**, with plaintiffs alleging negligence in cybersecurity measures. Affected individuals reported **increased spam calls and phishing attempts**, while the company failed to notify some victims directly. Though casino operations remained unaffected, the breach exposed **personal and employment-related data**, triggering legal, financial, and reputational repercussions. The incident aligns with a broader trend of cyberattacks targeting Nevada’s gaming sector, including prior breaches at MGM Resorts and Caesars Entertainment. Boyd Gaming acknowledged the attack in a regulatory filing but did not disclose whether ransomware was involved or if a ransom was paid. The company is relying on cybersecurity insurance to cover costs, including investigations and potential penalties.
Source: https://www.newsnet5.com/news/boyd-gaming-multiple-lawsuits-data-breach/
TPRM report: https://www.rankiteo.com/company/boyd-gaming
"id": "boy0532805100225",
"linkid": "boyd-gaming",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': True,
'industry': 'Gaming/Hospitality',
'location': 'Las Vegas, Nevada, USA',
'name': 'Boyd Gaming',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (personal information)',
'type_of_data_compromised': ['Employee data',
'Limited third-party data']},
'date_publicly_disclosed': '2023-09-23',
'description': 'Boyd Gaming admitted that hackers infiltrated its IT '
'infrastructure, compromising sensitive data involving '
'employees and other individuals connected to the company. The '
'breach led to multiple class-action lawsuits alleging '
'inadequate cybersecurity measures. The company acknowledged '
'the attack on September 23, confirming unauthorized access to '
'employee and limited third-party data. Casino operations '
'remained unaffected, and Boyd Gaming is relying on '
'cybersecurity insurance to cover breach-related costs.',
'impact': {'brand_reputation_impact': True,
'customer_complaints': True,
'data_compromised': True,
'identity_theft_risk': True,
'legal_liabilities': ['Multiple class-action lawsuits filed'],
'operational_impact': 'None (casino operations remained '
'unaffected)',
'systems_affected': ['IT infrastructure']},
'investigation_status': 'Ongoing (with federal law enforcement and '
'cybersecurity experts)',
'post_incident_analysis': {'root_causes': ['Alleged inadequate cybersecurity '
'measures']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Article: Boyd Gaming Hit with Multiple Lawsuits '
'After Data Breach'}],
'regulatory_compliance': {'legal_actions': ['Five class-action lawsuits filed '
'by four law firms'],
'regulatory_notifications': ['Securities regulators '
'filing']},
'response': {'communication_strategy': ['Public disclosure via securities '
'regulators filing'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['Leading cybersecurity experts']},
'title': 'Boyd Gaming Data Breach and Multiple Lawsuits',
'type': ['Data Breach', 'Cyberattack']}