Boyd Gaming Corporation has disclosed a cybersecurity incident involving unauthorized access to its internal IT systems, resulting in the exfiltration of sensitive data related to employees and a limited number of other individuals.
According to a Form 8-K filed with the US Securities and Exchange Commission, the Las Vegas-based gaming and hospitality company detected the breach recently and responded by engaging external cybersecurity experts and notifying federal law enforcement. While Boyd did not provide a specific timeline for the breach or its discovery, the company emphasized that its properties and business operations remained unaffected.
The attackers reportedly removed undisclosed types of data from Boyd’s systems, with the company confirming the compromised information includes employee details and some data related to non-employees. The exact scope and sensitivity of the data have not yet been made public. Boyd Gaming stated that it is in the process of notifying impacted individuals and alerting regulators in accordance with legal obligations.
Boyd Gaming Corporation operates 28 gaming properties across 10 US states and employs thousands of individuals, making it a significant player in the US regional casino market. The company occupies a critical segment of the industry, focusing on both local and tourist gaming markets. Its infrastructure includes casinos, hotels, restaurants, and entertainment venues, all of which rely heavily on IT systems for operations, employee management, and guest services.
Despite the confirmed data exfiltration, Boyd assured investors that the breach is not expected to materially affect the company’s financial condition or operational performance. The company also noted that it maintains a comprehensive cybersecurity insurance policy, which it anticipates will cover response-related costs, forensic analysis, potential regulatory fines, and any business interruptions arising from the incident, subject to the policy’s limits and conditions.
The hospitality and casino sector has been hit hard by cyberattacks in recent years, with notable incidents including ransomware attacks at MGM Resorts and Caesars in 2023, attributed to the Scattered Spider threat group. Boyd has not publicly attributed the breach to a known threat actor or ransomware group.
Employees and third parties potentially impacted should be cautious of unsolicited communications that may reference Boyd Gaming or claim to be from internal HR or security teams, and reset credentials for Boyd accounts. It is also crucial to closely monitor accounts and credit reports, and consider placing fraud alerts or credit freezes with major bureaus.
Leave a Reply