Cyber incident at Boyd Gaming (NYSE: BYD) prompts data notifications
Rhea-AI Filing Summary
Boyd Gaming Corporation reports a cybersecurity incident involving an unauthorized third party accessing its internal IT systems. The company states that the incident has had no impact on its properties or business operations. The third party removed certain data, including information about employees and a limited number of other individuals, and Boyd Gaming is notifying those affected along with relevant regulators and governmental agencies.
The company currently believes the incident will not have a material adverse effect on its financial condition or results of operations. Boyd Gaming maintains a comprehensive cybersecurity insurance policy, which it expects will cover costs for incident response, forensic investigations, potential business interruptions, legal actions, and any regulatory fines, subject to policy limits and deductibles. The company also highlights potential legal, reputational, and financial risks as it continues to assess the incident.
Positive
- None.
Negative
- None.
Insights
Cyber incident appears contained operationally, but legal and reputational risks remain.
Boyd Gaming Corporation discloses that an unauthorized third party accessed its internal IT systems and removed certain data, including information about employees and a limited number of other individuals. The company states that its properties and business operations were not affected, which suggests core gaming and hospitality services continued as normal despite the incident.
The company believes the incident will not have a material adverse effect on its financial condition or results of operations, and it carries a comprehensive cybersecurity insurance policy. That policy is expected to cover incident response, forensic work, business interruptions, legal actions, and regulatory fines, subject to limits and deductibles, which may soften direct financial impact.
Management nonetheless lists a wide range of forward-looking risks tied to this event, including its ongoing assessment of the incident, its ability to contain and remediate it, and potential effects on relationships with customers, employees, and regulators. It also points to possible legal, reputational, and financial consequences, as well as remediation and other additional costs, indicating that the ultimate impact will depend on investigation findings and any subsequent regulatory or legal outcomes.
8-K Event Classification
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the
Securities Exchange Act of 1934
Date of Report (date of earliest event reported):
(Exact Name of Registrant as Specified in its Charter)
| (State or Other Jurisdiction of Incorporation) |
(Commission File Number) | (I.R.S. Employer Identification Number) |
(Address of Principal Executive Offices, Including Zip Code)
(Registrant’s Telephone Number, Including Area Code)
(Former Name or Former Address, if Changed Since Last Report)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
| Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) |
| Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) |
| Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) |
| Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) |
Securities registered pursuant to Section 12(b) of the Exchange Act:
| Title of each class |
Trading |
Name of each exchange | ||
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
| Item 7.01. | Regulation FD Disclosure. |
Boyd Gaming Corporation (the “Company”) recently experienced a cybersecurity incident in which an unauthorized third party accessed our internal IT system. The cybersecurity incident has had no impact on the Company’s properties or business operations.
Upon detecting the incident, the Company promptly took steps to respond to the incident with the assistance of leading external cybersecurity experts and in cooperation with federal law enforcement authorities.
The Company has determined that the unauthorized third party removed certain data from the Company’s IT systems, including information about employees and a limited number of other individuals. The Company is notifying impacted individuals and has or will notify its various regulators and other governmental agencies as required.
As of the date of this filing, the Company believes that the incident will not have a material adverse effect on the Company’s financial condition or results of operations. The Company maintains a comprehensive cybersecurity insurance policy, which we expect will cover costs associated with incident response and forensic investigations, as well as business interruptions, legal actions and regulatory fines, if any, subject to policy limits and deductibles.
The information included in Item 7.01 of this Current Report on Form 8-K is being furnished and shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or otherwise subject to the liabilities of that section, nor shall it be deemed incorporated by reference into any other filing under the Securities Act of 1933, as amended, or the Exchange Act, regardless of any general incorporation language in any such filing.
Forward-looking Statements and Company Information
This report contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Such statements contain words such as “may,” “will,” “might,” “expect,” “believe,” “anticipate,” “could,” “would,” “estimate,” “continue,” “pursue,” or the negative thereof or comparable terminology, and may include (without limitation) information regarding the Company’s expectations, goals or intentions regarding future performance. These forward-looking statements are based on the current beliefs and expectations of management and involve risks and uncertainties that could cause actual results to differ materially from those expressed in the forward-looking statements. Many of these risks and uncertainties relate to factors that are beyond Boyd Gaming’s ability to control or estimate precisely.
Factors that might cause the Company’s actual results to differ materially from those anticipated in forward-looking statements include, but are not limited to: the Company’s ongoing assessment of the impacts of the cybersecurity incident, including the Company’s potential discovery of additional information related to the incident in connection with its investigation or otherwise; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the impact of the cybersecurity incident on the Company’s relationships with customers, employees, and governmental regulators; the legal, reputational, and financial risks resulting from the cybersecurity incident, including as may arise from any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with the incident; remediation and other additional costs that may be incurred by the Company in connection with the investigation and remediation of the incident; and the risks discussed under the heading “Risk Factors” and in other sections of the Company’s Annual Report on Form 10-K, its Quarterly Reports on Form 10-Q, and in the Company’s other current and periodic reports filed from time to time with the SEC. The reader is cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date of this release. All forward-looking statements in this report are made as of the date hereof, based on information available to the Company as of the date hereof, and the Company assumes no obligation to update any forward-looking statement.
# # # #
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| Date: September 23, 2025 | BOYD GAMING CORPORATION | |||||
| By: | /s/ Josh Hirsberg | |||||
| Josh Hirsberg Executive Vice President, Chief Financial Officer and Treasurer | ||||||