Boyd Gaming Faces Wave of Data Breach Lawsuits

  • Boyd Gaming is facing a class-action lawsuit following a cyberattack last month
  • The lawsuit claims Boyd failed to adequately protect customer and employee data

Las Vegas-based Boyd Gaming Corp. (BYD) faces six federal lawsuits in Nevada following a cyberattack that compromised sensitive personal data in September.

Boyd Gaming headquarters in Las Vegas.  (Images: LinkedIn and Shutterstock)

The suits, filed by four separate law firms on Thursday and Monday, accuse the company of failing to implement adequate cybersecurity protections, resulting in unauthorized access to information Boyd was legally obligated to safeguard.

Each complaint seeks class-action status on behalf of thousands of affected individuals, including current and former employees as well as customers.

The first suit was filed last Thursday by Scott Levy, a former Boyd employee and Las Vegas resident. On Monday, five additional plaintiffs joined the legal action: Deandric Price (Las Vegas), Sherekia Price (Louisiana), Larry Harris (Texas), Patricia Tiedtke (Cincinnati), and Holly Neely, whose place of residence was not disclosed.

What Boyd Acknowledges…

According to a September 23 SEC filing, Boyd acknowledged that cybercriminals had extracted data from its systems, including employee records and information tied to “a limited number of other individuals.” The company stated it has begun notifying those affected and will report the breach to regulators and government agencies as required.

“Upon detecting the incident, the company promptly took steps to respond to the incident with the assistance of leading external cybersecurity experts and in cooperation with federal law enforcement authorities,” Boyd said in the filing, adding: “The company maintains a comprehensive cybersecurity insurance policy, which we expect will cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any, subject to policy limits and deductibles.”

While several lawsuits allege the breach occurred between September 5 and 7, Boyd hasn’t confirmed the timeline, the scope of the data exposure, or whether a ransom was paid. The company maintains a policy of not commenting on active litigation.

Boyd Gaming operates 11 locals casinos in the Las Vegas Valley, including three properties in downtown Las Vegas, and has nearly a dozen other gaming locations spread across 10 states.

Corey Levitan joined Casino.org in 2022 after a long career covering Las Vegas. He currently covers entertainment, dining and gaming news in Las Vegas.

Corey spent six years covering the Vegas Strip for the Las Vegas Review-Journal, where he also wrote the most popular humor column in the city’s history. (For “Fear and Loafing,” he tried out 176 Vegas jobs, including poker player, blackjack dealer and Follie Bergere dancer.)

Corey has won more than 100 local, state and national awards for his journalism, which has also appeared in Rolling Stone, New York Magazine and the New York Post.

Corey is a New York native whose hobbies include playing guitar, trying to be a better husband, and arguing with strangers on Facebook.

Contact Corey at corey@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.