Boyd Gaming Faces Wave of Data Breach Lawsuits

Posted on: October 1, 2025, 01:16h. 

Last updated on: October 1, 2025, 01:30h.

Corey Levitan Read More
Expertise: Commercial Gaming, Entertainment, Expert Insight, Las Vegas, Restaurants, Vegas Myths Busted.
  • Boyd Gaming is facing a class-action lawsuit following a cyberattack last month
  • The lawsuit claims Boyd failed to adequately protect customer and employee data

Las Vegas-based Boyd Gaming Corp. (BYD) faces six federal lawsuits in Nevada following a cyberattack that compromised sensitive personal data in September.

Boyd Gaming headquarters in Las Vegas.  (Images: LinkedIn and Shutterstock)

The suits, filed by four separate law firms on Thursday and Monday, accuse the company of failing to implement adequate cybersecurity protections, resulting in unauthorized access to information Boyd was legally obligated to safeguard.

Each complaint seeks class-action status on behalf of thousands of affected individuals, including current and former employees as well as customers.

The first suit was filed last Thursday by Scott Levy, a former Boyd employee and Las Vegas resident. On Monday, five additional plaintiffs joined the legal action: Deandric Price (Las Vegas), Sherekia Price (Louisiana), Larry Harris (Texas), Patricia Tiedtke (Cincinnati), and Holly Neely, whose place of residence was not disclosed.

What Boyd Acknowledges…

According to a September 23 SEC filing, Boyd acknowledged that cybercriminals had extracted data from its systems, including employee records and information tied to “a limited number of other individuals.” The company stated it has begun notifying those affected and will report the breach to regulators and government agencies as required.

“Upon detecting the incident, the company promptly took steps to respond to the incident with the assistance of leading external cybersecurity experts and in cooperation with federal law enforcement authorities,” Boyd said in the filing, adding: “The company maintains a comprehensive cybersecurity insurance policy, which we expect will cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any, subject to policy limits and deductibles.”

While several lawsuits allege the breach occurred between September 5 and 7, Boyd hasn’t confirmed the timeline, the scope of the data exposure, or whether a ransom was paid. The company maintains a policy of not commenting on active litigation.

Boyd Gaming operates 11 locals casinos in the Las Vegas Valley, including three properties in downtown Las Vegas, and has nearly a dozen other gaming locations spread across 10 states.