Boyd Gaming Confirms Cyberattack and Data Theft in SEC Filing

Author: Mateusz Mazur

Date: 26.09.2025

0
News

Boyd Gaming Corporation has confirmed that it was the target of a cyberattack that led to unauthorized access to its internal IT systems and the theft of sensitive data. The disclosure came through a Form 8-K filing with the U.S. Securities and Exchange Commission on September 24, 2025.

What Boyd Gaming Disclosed

According to the filing, attackers gained access to Boyd’s systems and removed data, including information tied to company employees and a limited number of other individuals.

While the company has not disclosed when the intrusion began, how long it lasted, or how many records were affected, the breach highlights the continuing pressure on the casino industry from sophisticated cybercriminal groups.

“The company recently experienced a cybersecurity incident in which an unauthorized third party accessed our internal IT system,” the filing stated. “The third party removed data from Boyd Gaming’s systems, including information about employees and a limited number of other individuals.”

Response and Cooperation with Authorities

Boyd reported that it acted immediately upon detecting the intrusion. The company engaged leading external cybersecurity experts to investigate and has been working with federal law enforcement as part of the response effort.

“Upon detecting the incident, the Company promptly took steps to respond to the incident with the assistance of leading external cybersecurity experts and in cooperation with federal law enforcement authorities,” the disclosure noted.

The operator has also begun notifying affected parties and confirmed it will inform regulators and relevant agencies as required under U.S. law.

Impact on Operations and Finances

Boyd emphasized that the breach did not disrupt its casinos or daily business activity:

  • “The breach has had no impact on the company’s properties or business operations.”

  • “The company does not expect the breach to have a material adverse effect on its financial condition or business performance.”

The filing also revealed that Boyd carries a comprehensive cybersecurity insurance policy expected to cover forensic investigations, business interruption, legal claims, and potential regulatory fines, subject to policy limits and deductibles.

So far, no individual or group has claimed responsibility for the attack. Boyd’s disclosure leaves key issues unanswered, such as the timing of the intrusion and the exact scope of stolen records. The lack of clarity stands out, especially given the heightened threat environment facing Nevada’s gaming sector.

Recommended

Las Vegas Sands Targets Dallas for Multi-Billion Dollar Integrated Resort Project
Social Gaming Leadership Alliance Redefines Sweepstakes Casinos as “Social Plus”
Hampton Planning Board Approves Year-Round Casino Complex Remodel
Mega Millions Odds Calculator: True Chances of Winning
Indiana Voters Strongly Reject Online Casino Expansion