Boyd Gaming reports data breach following cyberattack on internal systems

Las Vegas-based casino operator Boyd Gaming Corporation has confirmed it was the target of a cyberattack that resulted in unauthorized access to its internal IT systems and the theft of sensitive data, including employee information. The disclosure was made in a Form 8-K filing submitted Tuesday to the U.S. Securities and Exchange Commission.

According to the filing, the company “recently experienced a cybersecurity incident in which an unauthorized third party accessed our internal (information technology) system.” Boyd stated that the breach “has had no impact on the company’s properties or business operations.”

Despite the lack of operational disruptions, the company said that the attackers exfiltrated data from its systems, which included information pertaining to employees and “a limited number of other individuals.” Boyd Gaming has initiated the process of notifying affected parties and stated it will inform regulators and relevant government agencies as required by law.

Federal law enforcement authorities and external cybersecurity experts have been engaged to investigate the breach and assist with response efforts.

Boyd Gaming said it holds a cybersecurity insurance policy that is expected to cover costs related to the incident. This includes expenses for forensic analysis, legal claims, regulatory fines, and overall response and remediation. The company added that it does not expect the breach to have a material adverse effect on its financial condition or business performance.

Boyd operates 28 gaming properties across ten U.S. states, including 11 in the Las Vegas Valley and three in downtown Las Vegas. It employs over 16,000 people and reported an annual revenue of $3.9 billion in 2024.

The cyberattack on Boyd Gaming comes amid a growing number of similar incidents targeting Las Vegas casinos and government institutions. Just last week, local authorities arrested a teenager in connection with a “sophisticated cyber crime” linked to cyberattacks on multiple Las Vegas casino operators in 2023. Although officials did not name specific companies, both MGM Resorts International and Caesars Entertainment were among the list of operators targeted in 2023.

Additionally, on August 24, Nevada state officials confirmed that a ransomware-based cyberattack had severely disrupted several state government services, including the Department of Motor Vehicles and social services.

As of now, no individual or group has claimed responsibility for the attack on Boyd Gaming. The company has not responded to external media inquiries regarding the breach. Boyd Gaming is continuing its investigation and response efforts while working to secure its systems and prevent further unauthorized access.