Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Boyd Gaming Corporation Unknown (2025) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

Boyd Gaming Corporation · BYD

Consumer DiscretionaryUSAIncident September 1, 2025Filed September 23, 2025

Impact score

Business continuity

—

Insurance involved

Yes

Filing

8-K · 7.01

Breach taxonomy

UnknownData ExfilPersonal DataInfo Privacy Loss

Summary

Boyd Gaming experienced a cybersecurity incident in which an unauthorized third party accessed the company's internal IT systems and removed data, including information about employees and a limited number of other individuals. The incident had no impact on the company's properties or business operations. Boyd Gaming engaged leading external cybersecurity experts and cooperated with federal law enforcement. The company maintains comprehensive cybersecurity insurance. Filed under Item 7.01; company determined the incident is not material.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to a specific actor → UNKNOWN.

MethodsData Exfil

Filing confirms that unauthorized third party accessed internal IT systems and removed (exfiltrated) data → DATA-EXFIL.

AssetsPersonal Data

Filing states the unauthorized party removed data including information about employees and a limited number of other individuals → PERSONAL-DATA.

EffectsInfo Privacy Loss

Employee and limited individual data was taken by the unauthorized party with no operational disruption → INFO-PRIVACY-LOSS.

Impact

Data exfiltration affecting employee records and limited individuals, no operational impact; company determined not material → score 2.

InsuranceYes

Filing states the Company maintains a comprehensive cybersecurity insurance policy expected to cover incident response, forensic investigations, business interruptions, legal actions and regulatory fines → true.

Read the original SEC filing excerpt

Boyd Gaming Corporation (the "Company") recently experienced a cybersecurity incident in which an unauthorized third party accessed our internal IT system. The cybersecurity incident has had no impact on the Company's properties or business operations. Upon detecting the incident, the Company promptly took steps to respond to the incident with the assistance of leading external cybersecurity experts and in cooperation with federal law enforcement authorities. The Company has determined that the unauthorized third party removed certain data from the Company's IT systems, including information about employees and a limited number of other individuals. The Company is notifying impacted individuals and has or will notify its various regulators and other governmental agencies as required. As of the date of this filing, the Company believes that the incident will not have a material adverse effect on the Company's financial condition or results of operations. The Company maintains a comprehensive cybersecurity insurance policy, which we expect will cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any, subject to policy limits and deductibles.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Consumer Discretionary

Unknown · March 28, 2026

Hasbro, Inc.

On March 28, 2026, Hasbro identified unauthorized access to its corporate network. The company activated its security incident response prot…

Unknown · March 19, 2026

RCI Hospitality Holdings, Inc.

RCI Internet Services, a subsidiary of RCI Hospitality Holdings, discovered on March 23, 2026 a cybersecurity incident that began on March 1…

Priv Insider · November 18, 2025

Coupang, Inc.

On November 18, 2025, Coupang Corp. (a Korean subsidiary of Coupang, Inc.) detected a cybersecurity incident in which a former employee may …

Cyber Criminals · October 15, 2025

Jewett-Cameron Trading Co. Ltd.

On October 15, 2025, Jewett-Cameron Trading Co. Ltd. discovered a threat actor had gained unauthorized access to its IT environment, deployi…