Boyd Gaming Corporation, a Las Vegas-based casino operator, suffered a cyberattack resulting in unauthorized access to its internal IT systems. The breach led to the theft of sensitive data, primarily employee information and a limited number of other individuals' details. While the attack did not disrupt business operations or casino properties, the exfiltrated data included confidential employee records. The company has engaged federal law enforcement and external cybersecurity experts to investigate and mitigate the incident. Boyd Gaming holds cybersecurity insurance to cover related costs, including forensic analysis, legal claims, and regulatory fines. Despite the breach, the company does not anticipate a material adverse financial impact. The incident aligns with a broader trend of cyberattacks targeting Las Vegas casinos and government entities, though no group has claimed responsibility for this specific attack. Notification of affected parties and regulatory bodies is underway as part of the response protocol.
TPRM report: https://www.rankiteo.com/company/boyd-gaming
"id": "boy3392633092425",
"linkid": "boyd-gaming",
"type": "Breach",
"date": "9/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Limited number of individuals '
'(beyond employees)',
'industry': 'Gaming/Hospitality',
'location': 'Las Vegas, Nevada, USA',
'name': 'Boyd Gaming Corporation',
'size': '16,000+ employees, $3.9B annual revenue '
'(2024)',
'type': 'Public Company'}],
'customer_advisories': ['Notifications to Affected Individuals'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Employee Information',
'Third-Party Personal Data']},
'date_publicly_disclosed': '2025-09-24',
'description': 'Las Vegas-based casino operator Boyd Gaming Corporation '
'confirmed a cyberattack resulting in unauthorized access to '
'its internal IT systems and theft of sensitive data, '
'including employee information. The breach was disclosed in a '
'Form 8-K filing to the U.S. SEC. While no operational '
'disruptions occurred, data exfiltration included employee and '
'limited third-party information. Federal law enforcement and '
'external cybersecurity experts are investigating. The company '
'expects its cybersecurity insurance to cover related costs '
'and does not anticipate material financial impact.',
'impact': {'data_compromised': ['Employee Information',
'Limited Third-Party Data'],
'downtime': 'None',
'identity_theft_risk': 'Potential (Employee Data)',
'operational_impact': 'None',
'systems_affected': ['Internal IT Systems']},
'initial_access_broker': {'high_value_targets': ['Employee Data',
'Internal IT Systems']},
'investigation_status': 'Ongoing (Federal Law Enforcement and External '
'Experts Involved)',
'ransomware': {'data_exfiltration': True},
'references': [{'date_accessed': '2025-09-24',
'source': 'Boyd Gaming Corporation SEC Form 8-K Filing'},
{'date_accessed': '2025-09-24',
'source': 'Media Reports on Las Vegas Cyberattacks '
'(2023-2025)'}],
'regulatory_compliance': {'regulatory_notifications': ['U.S. Securities and '
'Exchange Commission '
'(SEC)',
'Relevant Government '
'Agencies']},
'response': {'communication_strategy': ['SEC Form 8-K Filing',
'Regulatory Notifications',
'Affected Party Notifications'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': ['Federal Law Enforcement',
'External Cybersecurity Experts']},
'stakeholder_advisories': ['SEC Filing', 'Regulatory Notifications'],
'title': 'Cyberattack on Boyd Gaming Corporation',
'type': ['Data Breach', 'Unauthorized Access']}