Las Vegas casino operator Boyd Gaming hit by cyberattack exposing information

Boyd Gaming Corporation has confirmed that employee information was stolen in a recent cyberattack, according to a filing with the U.S. Securities and Exchange Commission (SEC) on September 23, 2025.

The Las Vegas–based casino operator said an unauthorized third party gained access to its internal IT systems and removed certain data. The company did not provide an exact date of the breach but described it as having occurred “recently,” just days before the disclosure. Importantly, Boyd Gaming stressed that its casino and hospitality operations were not disrupted.

The company is notifying those impacted and has also begun the process of informing regulators and government agencies. Federal law enforcement and external cybersecurity experts are assisting in the ongoing investigation.

Boyd Gaming emphasized that the breach has not disrupted casino, hotel, or gaming services. “The incident will not have a material adverse effect on the company’s financial condition or results of operations,” the filing noted. The company also highlighted that it carries a comprehensive cybersecurity insurance policy, expected to cover incident response, forensic investigations, business interruption, and potential legal or regulatory costs, subject to policy limits.

A 2025 study in the Gaming Research & Review Journal notes that casinos are especially vulnerable because they use multiple payment systems and store large amounts of sensitive customer information. The report also warns that even short service disruptions can cause huge financial losses. These risks were highlighted in 2023 when MGM Resorts and Caesars Entertainment were hit by ransomware attacks. MGM faced disruptions at 31 properties nationwide, while Caesars confirmed that customer loyalty program data, including driver’s license and social security details, had been exposed.