US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals.

Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states, including Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Missouri, Ohio, and Pennsylvania, and the management of a tribal casino in northern California. The firm employs over 16,000 people and had an annual revenue of $3.9 billion in 2024.

In a Tuesday evening FORM 8-K filing with the SEC, Boyd Gaming disclosed it recently suffered a cyberattack in which attackers gained access to its systems. 

The company states that it worked with external cybersecurity experts to respond to the attack and notified law enforcement.

However, the threat actors were able to steal data from the company's systems, which includes information about employees and individuals.

"The Company has determined that the unauthorized third party removed certain data from the Company's IT systems, including information about employees and a limited number of other individuals," reads the Boyd Gaming 8-K filing.

"The Company is notifying impacted individuals and has or will notify its various regulators and other governmental agencies as required."

Boyd Gaming states that the incident has not affected the company's operations and does not anticipate a material adverse impact on the company's financial condition.

The company says that it has a cybersecurity insurance policy, which is expected to cover costs associated with the incident.

BleepingComputer contacted Boyd Gaming with questions about the attack, but no response was immediately available.

No ransomware gangs or other threat actors have claimed responsibility for the attack.