Las Vegas casino operator Boyd Gaming confirmed it was hit by a cyberattack that compromised certain internal systems, according to the Las Vegas Review-Journal.
Key Takeaways
- The cyberattack hit employees and individual data.
- The company has engaged federal authorities and cybersecurity experts.
- Boyd operates 11 venues in the Las Vegas Valley.
Boyd stated in a filing with the U.S. Securities and Exchange Commission that an unauthorized third party accessed its system, potentially removing data, including employee information and records tied to a limited number of other individuals.
Federal law enforcement and outside cybersecurity experts are assisting with the investigation.
The company said the incident has had no impact on the operations of its casinos or gaming properties. Boyd operates 11 properties in the Las Vegas Valley, including three downtown Las Vegas casinos, and nearly a dozen other locations across 10 states.
Boyd has begun notifying those affected and intends to alert regulators and government agencies as required by law. It also sought to reassure markets by highlighting its cybersecurity insurance policies, which, it says, cover the costs associated with an incident of this kind.
The cyberattack comes after a similar data breach at Bragg Gaming in August. According to the group, the attack targeted its internal computer systems, but it maintained there was no evidence to suggest that customer information was breached.
Teen arrested over massive 2023 Las Vegas casino cyberattack
The disclosure comes amid a rising number of cyberattacks targeting Las Vegas casinos. Last week, authorities arrested a teenager in connection with a 2023 cybercrime that hit multiple Vegas venues.
The attacks occurred between August and October, with the attackers using different names, such as "Scattered Spider" and "Octo Tempest."
The Las Vegas Metropolitan Police Department said a teenage boy was arrested for his alleged involvement, which may have cost casinos at least $100 million. The suspect faces charges that include extortion, conspiracy, and unlawful acts involving computers.
MGM Resorts International said it was hit for $100 million when the attack caused system disruptions. Caesars Entertainment also reported a breach linked to a social engineering attack on an outsourced IT support vendor.
While Caesars' physical properties and online platforms were unaffected, an unauthorized actor obtained portions of its loyalty program database, including driver’s license numbers and Social Security data for a significant number of members. Caesars confirmed it has taken steps to have the stolen data deleted.
The FBI-led Las Vegas Cyber Task Force, in conjunction with local authorities, identified the teenage suspect, who surrendered to the Clark County Juvenile Detention Center on Sept. 17.
Local prosecutors are evaluating whether to transfer him to the criminal division to face charges as an adult, but until then are not naming the suspect.
