- Joined
- Jan 14, 2008
- Messages
- 66,494
SOURCE
Former Employee Files Lawsuit Alleging Negligence
The company is now facing legal action from Scott Levy, a former Boyd Gaming employee residing in Las Vegas, who filed a lawsuit in U.S. District Court in Nevada. Levy’s complaint, which he hopes to expand into a class action, claims Boyd failed to implement adequate safeguards to prevent the theft of personal data, including Social Security numbers and other sensitive employee and customer records.
The lawsuit argues that Boyd effectively admitted the severity of the breach. As stated in the filing, “Defendant employed ‘leading external cybersecurity experts’ and determined that ‘the unauthorized third party removed certain data from (defendant’s) IT systems, including information about employees and a limited number of other individuals.’” Levy emphasized that Boyd’s acknowledgment confirmed that personal data was stolen—not simply viewed—and that the company’s security measures were “completely inadequate.”
Levy’s lawsuit accuses Boyd of negligence, breach of implied contract, unjust enrichment, and violations of the Nevada Consumer Fraud Act. He is seeking a jury trial and hopes the court will certify the case as a class action, potentially opening the door for other affected employees and customers to join. Boyd Gaming has declined to comment on ongoing litigation beyond its official SEC disclosure.
Casino Industry Remains a Target for Hackers
Boyd Gaming’s data breach places it alongside other major Nevada casino operators that have suffered damaging cyber incidents in recent years. Caesars Entertainment admitted in 2023 that it paid hackers $15 million after its systems were compromised, while MGM Resorts International endured nine days of major operational disruption from a ransomware attack the same year. MGM later reported estimated losses of about $100 million.
Both incidents were tied to the hacking group known as “Scattered Spider,” which authorities believe was behind a series of coordinated attacks on casinos. Recently, law enforcement in Las Vegas announced the arrest of a teenager suspected of participating in some of those attacks, calling the operation a “sophisticated cyber crime.”
Cybersecurity analysts note that casinos are particularly appealing targets due to their vast troves of personal, financial, and transactional information. With operations spanning gaming, hospitality, and loyalty programs, these businesses present multiple vulnerabilities for malicious actors to exploit.
While Boyd has not disclosed the full scope of the information taken, the company acknowledged that details about employees and “a limited number of other individuals” were removed from its systems. Though casino and hotel operations remained unaffected, the disclosure has drawn significant scrutiny, particularly as companies in the gaming sector have faced escalating cyberattacks in recent years.
Former Employee Files Lawsuit Alleging Negligence
The company is now facing legal action from Scott Levy, a former Boyd Gaming employee residing in Las Vegas, who filed a lawsuit in U.S. District Court in Nevada. Levy’s complaint, which he hopes to expand into a class action, claims Boyd failed to implement adequate safeguards to prevent the theft of personal data, including Social Security numbers and other sensitive employee and customer records.
The lawsuit argues that Boyd effectively admitted the severity of the breach. As stated in the filing, “Defendant employed ‘leading external cybersecurity experts’ and determined that ‘the unauthorized third party removed certain data from (defendant’s) IT systems, including information about employees and a limited number of other individuals.’” Levy emphasized that Boyd’s acknowledgment confirmed that personal data was stolen—not simply viewed—and that the company’s security measures were “completely inadequate.”
Levy’s lawsuit accuses Boyd of negligence, breach of implied contract, unjust enrichment, and violations of the Nevada Consumer Fraud Act. He is seeking a jury trial and hopes the court will certify the case as a class action, potentially opening the door for other affected employees and customers to join. Boyd Gaming has declined to comment on ongoing litigation beyond its official SEC disclosure.
Casino Industry Remains a Target for Hackers
Boyd Gaming’s data breach places it alongside other major Nevada casino operators that have suffered damaging cyber incidents in recent years. Caesars Entertainment admitted in 2023 that it paid hackers $15 million after its systems were compromised, while MGM Resorts International endured nine days of major operational disruption from a ransomware attack the same year. MGM later reported estimated losses of about $100 million.
Both incidents were tied to the hacking group known as “Scattered Spider,” which authorities believe was behind a series of coordinated attacks on casinos. Recently, law enforcement in Las Vegas announced the arrest of a teenager suspected of participating in some of those attacks, calling the operation a “sophisticated cyber crime.”
Cybersecurity analysts note that casinos are particularly appealing targets due to their vast troves of personal, financial, and transactional information. With operations spanning gaming, hospitality, and loyalty programs, these businesses present multiple vulnerabilities for malicious actors to exploit.
While Boyd has not disclosed the full scope of the information taken, the company acknowledged that details about employees and “a limited number of other individuals” were removed from its systems. Though casino and hotel operations remained unaffected, the disclosure has drawn significant scrutiny, particularly as companies in the gaming sector have faced escalating cyberattacks in recent years.
