Boyd Gaming Responds to Cybersecurity Breach Without Disclosing Ransom Details

Boyd Gaming Faces Cybersecurity Breach Impacting Employee Data

Boyd Gaming Corporation, a long-standing casino operator based in Nevada, recently disclosed a cybersecurity breach affecting its internal technology systems. The company revealed in a Securities and Exchange Commission (SEC) filing that hackers accessed sensitive information. However, Boyd Gaming has not clarified whether the cybercriminals demanded or received any ransom payments.

Immediate Response and Mitigation Efforts

Upon detecting suspicious activity, Boyd Gaming promptly engaged external cybersecurity specialists and coordinated with federal authorities to address the incident. Despite the breach, the company reported that its casino and hotel operations remained uninterrupted throughout the event.

Boyd Gaming expressed confidence that the breach will not result in significant financial damage, citing its comprehensive cybersecurity insurance. This coverage is designed to manage fallout expenses such as investigation costs, business interruptions, legal actions, and regulatory fines.

The company confirmed that criminals obtained employee records containing personal information but has not publicly disclosed the full extent of the compromised data. Compliance with federal and state notification laws means Boyd is informing affected employees and regulatory bodies. Given Boyd’s workforce of over 16,000 employees across 28 casinos nationwide—including 11 locations in the Las Vegas area—the breach potentially impacts a large segment of its staff.

Industry-Wide Challenges and Silence on Ransom Negotiations

Boyd Gaming’s decision to withhold information about any communications with hackers reflects a broader dilemma faced by prominent casino operators. Earlier in 2023, Caesars Entertainment reportedly paid millions to regain system access after a cyberattack, while MGM Resorts International chose not to pay, resulting in service outages that lasted several days and cost an estimated $100 million.

Unlike MGM, Boyd Gaming has not revealed the method hackers used to gain entry. For MGM, investigators discovered that attackers employed “social engineering” tactics, where employees were deceived into revealing their login credentials. Cybersecurity experts identify social engineering as a significant vulnerability for casinos storing valuable financial data, trade secrets, and personal information.

Context of Increasing Cyberattacks in Nevada

This incident is part of a growing number of high-profile cyberattacks targeting organizations across Nevada in recent years. Recently, a ransomware attack disrupted services at state agencies including the Department of Motor Vehicles. Additionally, law enforcement apprehended a teenager suspected of involvement in cyberattacks on Las Vegas casinos in 2023.