Potential class action
Boyd Gaming’s troubles aren’t over yet as a former employee has now filed a lawsuit against the casino company after a recent cyberattack led to the compromising of sensitive data.
The complaint filed late last week in the US District Court of Nevada lists Scott Levy as the plaintiff. He’s hoping to get more people on board to secure class action status. He alleges that Las Vegas-based Boyd Gaming failed to prevent the data breach that led to the release of personal information, including the names and Social Security numbers of certain customers, as well as current and past employees.
Boyd Gaming’s share price has been negatively impacted since the news broke
As of the end of 2024, Boyd Gaming, which also operates online casino services, had more than 16,000 employees, although it is unclear how many of them were affected by the breach. The firm has offered free identity theft protection and credit monitoring for everyone impacted. Boyd Gaming’s share price has been negatively impacted since the news broke, but the firm claimed its cybersecurity insurance should cover any costs resulting from the breach.
Details emerging slowly
Boyd Gaming revealed in an SEC filing on September 23 that it was the victim of a data breach without specifying the date on which the attack occurred. It also didn’t reveal whether or not it paid a ransom to get its systems back to normal.
The lawsuit highlights the lack of information the company provided in that filing. The plaintiff is looking for damages for the mental distress, lost time, and credit monitoring.
Vital Vegas first reported rumors of a possible breach on September 14
Boyd Gaming sent a letter to the impacted individuals on Wednesday confirming that the breach happened on September 5. The company said it became aware of the matter the following day, with the final “observed unauthorized activity” taking place on September 7. Vital Vegas first reported rumors of a possible breach on September 14, nine days before the SEC filing and the public declaration.
A high-value target
In the SEC filing, Boyd Gaming stated that it worked with leading independent cybersecurity experts who discovered that the hackers had removed data from the IT systems. The lawsuit contends that this is an admission of the theft of employee data, and the leaking of this “highly private information” shows that the company’s data and cybersecurity systems were not up to scratch.
BleepingComputer reported that as there was no disruption to the operations of the company, it appeared to be a targeted data theft rather than a ransomware attack that crippled MGM Resorts in September 2023. MGM’s chief technology officer reached out to Boyd Gaming last week to offer help dealing with the hack.
