Boyd Gaming Faces Multiple Lawsuits Following Data Breach

Boyd Gaming Hit with Multiple Lawsuits After Data Breach

Boyd Gaming is currently grappling with several lawsuits after admitting that hackers infiltrated its IT infrastructure, compromising sensitive data involving employees and other individuals connected to the company.

Plaintiffs Criticize Boyd’s Cybersecurity Measures

Four separate law firms have initiated five class-action lawsuits last week, representing thousands of affected parties, including current and former employees as well as customers. These suits allege the company failed to implement necessary protective measures to safeguard personal information.

The first lawsuit was filed by Scott Levy, a former Boyd Gaming employee based in Las Vegas. Subsequently, five additional plaintiffs joined the case: Deandric Price from Las Vegas, Sherekia Price from Louisiana, Larry Harris from Texas, Patricia Tiedtke from Cincinnati, and Holly Neely, whose location remains undisclosed.

Levy described Boyd Gaming’s cybersecurity as “completely inadequate,” allowing attackers to access a large volume of private information. He has experienced increased spam calls and phishing attempts since the breach and also mentioned that Boyd did not notify him directly about the incident.

On September 23, Boyd Gaming publicly acknowledged the cyberattack through a filing with securities regulators, confirming that an unauthorized party accessed their IT systems and obtained data related to employees and a limited number of other individuals.

The company stated that it responded promptly with the help of leading cybersecurity experts and worked with federal law enforcement. They also reported that casino operations remained unaffected by the breach. Additionally, Boyd Gaming has cybersecurity insurance which they believe will cover breach-related costs including investigations, legal claims, and potential regulatory penalties.

Though some lawsuits claim the breach occurred between September 5 and 7, Boyd has not officially confirmed the exact timeline, the specific data compromised, or whether any ransom was paid to the attackers.

Ongoing Cybersecurity Challenges in Nevada’s Gaming Industry

This incident is part of a troubling series of cyberattacks targeting Nevada’s gaming sector. About two years ago, MGM Resorts and Caesars Entertainment suffered similar breaches linked to a hacker group known as Scattered Spider.

Recently, Las Vegas police detained a teenager reportedly connected to sophisticated network intrusions in 2023. Authorities attribute these attacks to an organized threat actor group identified by multiple names including Scattered Spider, Octo Tempest, UNC3944, and oktapus.

Additionally, Nevada’s state government experienced a significant cyber incident that took down many state websites for nearly three weeks. By September, Governor Joe Lombardo announced that almost all state sites had been restored.