Lynnae is a journalist covering the intersection of technology, culture, and gambling. She has more than five years of experience as a writer and editor, with bylines at SlashGear and MakeUseOf. On the iGaming side,...
Read Full BioBoyd Gaming Corporation disclosed that it had suffered a cybersecurity breach in a Form 8-K filed with the U.S. Securities and Exchange Commission on September 23.
Boyd’s disclosure comes just weeks after the operator reported strong Q2 results, with its stock rising on an earnings beat and revenue windfalls from its FanDuel stake sale.
In the public filing, the Las Vegas-based casino and hospitality company stated that it had “…recently experienced a cybersecurity incident in which an unauthorized third party accessed our internal IT system.”
The operator stressed that the incident had “no impact on the Company’s properties or business operations,” and it has moved quickly to secure its networks, bringing in outside cybersecurity specialists and working closely with federal law enforcement officials.
The company noted that the compromised data included information about employees and “a limited number of other individuals.” It has sent notifications to individuals whose data may have been affected by the attack and has also notified the relevant authorities.
Boyd Seeks to Reassure Investors as Questions Linger
In its filing, Boyd stated that it does not expect the breach to have a material impact on its financial health or business results. The company highlighted its “comprehensive cybersecurity insurance policy,” which is expected to help cover the bulk of costs related to response efforts, potential lawsuits, and any resulting regulatory fines.
However, the company left several important questions unanswered. The filing doesn’t mention when the intrusion began or how long it took to detect it. It also doesn’t assign blame to any known threat actor or group.
Since the filing stops short of disclosing how many records were exfiltrated or exactly what types of data were involved, the scope of the breach is unknown.
The filing comes at a time when the gaming industry’s cyber defenses are under increased scrutiny, as operators across the sector continue to battle social engineering attacks targeting their staff and IT systems.
Recent Incidents Highlight Ongoing Threats
The cyberattack on Boyd is just the latest in a string of high-profile incidents that have rattled the gaming sector in recent months.
In August, Bragg Gaming Group confirmed a cybersecurity incident involving its internal systems. While the company stated that its operations were unaffected and no consumer data was compromised, the breach highlighted the vulnerability of gaming providers to internal system attacks, as well as those targeting front-end consumer platforms.
Then there’s the Scattered Spider hacker group, also known as Muddled Libra, which first made headlines for its attacks on MGM and Caesars. These cybercriminals have set their sights on new industries, including aviation, using social engineering, phishing, and credential reset tactics to compromise targets.
In an example of just how bold these attacks have become, the Las Vegas Metropolitan Police Department arrested a teenager on September 17 for conducting “sophisticated network intrusions” against multiple casinos in the city.
From lone actors causing real damage to organized groups targeting the biggest names in gaming and hackers testing the limits of corporate infrastructure, these examples demonstrate that the gaming industry is facing cyber threats on multiple fronts.
Boyd now joins a growing list of operators caught in the crosshairs of cybercriminals.
