Boyd Gaming Reports Staff Data Breach Following Cyberattack

Immediate Response and Investigation

The Las Vegas-based casino operator detected the security breach and immediately engaged external cybersecurity specialists while cooperating with federal law enforcement agencies. The company’s investigation revealed that an unauthorized third party successfully removed specific data from Boyd Gaming’s IT systems, affecting employee information and a small number of additional individuals.

Boyd Gaming has initiated notification procedures for all impacted individuals and has contacted relevant regulatory bodies and governmental agencies in accordance with legal requirements.

Financial Impact Assessment

Boyd Gaming maintains that the cybersecurity incident will not materially impact its financial position or operational results. The company’s cybersecurity insurance coverage is expected to address costs related to incident response, forensic investigations, business interruptions, legal proceedings, and regulatory penalties within established policy parameters and deductibles.

The security breach disclosure was formally submitted through a Securities and Exchange Commission filing as Boyd Gaming continues addressing the incident’s consequences.

Industry-Wide Security Concerns

This incident represents the latest cybersecurity challenge facing the gaming sector. Recent months have witnessed similar attacks across the industry, including a breach at gaming supplier Bragg Gaming, which also reported no operational or financial disruption.

Previous notable incidents include cyberattacks targeting Ainsworth and IGT in November 2023, though none matched the scale of the September 2023 MGM Resorts attack. The MGM incident caused significant casino system disruptions and generated over $100 million in EBITDA impact for the global entertainment company, with several perpetrators later apprehended by international authorities.

The gaming industry continues implementing enhanced security measures to protect against increasingly sophisticated cyber threats while maintaining operational continuity for customers and stakeholders.