Former Boyd Gaming Employee Sues Company Over Data Breach

As Boyd Gaming is dealing with the fallout of a cyberattack against its operations, the company is now set to face at least one lawsuit from a former employee who is suing the company over the theft of personally identifiable information.

Boyd Gaming Now Faces Legal Challenge from Former Employee

The lawsuit, filed in the US District Court for the District of Nevada last week, also seeks to add more plaintiffs to the original complaint by Scott Levy, on whose behalf the case was filed. The goal is to turn the lawsuit into a class action, with the complaint alleging that Boyd Gaming could have prevented the data leak. In the complaint, Levy and his legal team stipulated:

“Defendant employed ‘leading external cybersecurity experts’ and determined that ‘the unauthorized third party removed certain data from (defendant’s) IT systems, including information about employees and a limited number of other individuals.

Thus, defendant admitted that personally identifiable information was actually stolen during the data breach, confessing that the information was not just accessed, but was ‘removed’ from Boyd’s system.”

The information that was allegedly lifted by hackers includes Social Security numbers of both current and former employees, as well as company customers. Boyd Gaming has remained tight-lipped about the accident, although MGM Resorts International has volunteered to have its security team work alongside Boyd’s to mitigate the impact of the attack.

Levy insisted that Boyd Gaming did not act in good faith, arguing that it had failed to reveal when the attack first occurred, nor whether it had paid ransomware.

The plaintiff claims that Boyd Gaming’s system, tied to the company’s cyber and data security, was “completely inadequate” and thus allowed the hackers to gain a foothold and access highly sensitive and crucial personal information.

Cyberattacks Are an Increasing Issue for Tribal and Commercial Operators

Boyd Gaming will now have to face the lawsuit, although it has refused to comment on media publications that reached out, citing that it does not comment on pending litigation. Among the accusations Boyd Gaming now faces are negligence, breach of implied contract, unjust enrichment, and more.

Boyd Gaming is hardly the only company to have been hard hit by cybercriminals. Caesars Entertainment is said to have paid $15 million to release its systems, and so has MGM Resorts International, which is said to have paid a much smaller amount, but no exact figure is known.