Boyd Gaming Corporation disclosed that it suffered a cyberattack that allowed threat actors to access its systems and steal data, including information about employees and a limited number of other individuals, the company said in a Form 8-K filing with the U.S. Securities and Exchange Commission.
The filing, issued on Tuesday evening, says Boyd Gaming worked with external cybersecurity experts to respond to the incident and notified law enforcement. The company added that the breach has not affected its operations and is not expected to have a material adverse impact on its financial condition.
Boyd Gaming operates 28 gaming properties in ten states – Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Missouri, Ohio and Pennsylvania – and manages a tribal casino in northern California. The firm employed more than 16,000 people and reported $3.9 billion in revenue in 2024.
In the 8-K filing, the company stated that the unauthorized third party removed certain data from the company’s IT systems, including information about employees and a limited number of other individuals. It said it is notifying impacted individuals and will notify regulators and other authorities as required.
The filing also notes that no ransomware group or other threat actor has claimed responsibility for the attack, and that Boyd Gaming maintains a cybersecurity insurance policy to cover related costs.