A recent lawsuit has revealed that at least 11,000 individuals could have been impacted by a cybersecurity breach at Boyd Gaming, a significant concern for the company and its customers. The incident, which occurred between September 5th and 7th, involved unauthorized access to Boyd Gaming's internal IT system, potentially exposing sensitive personal information.
The lawsuit highlights the removal of personal data, including names, addresses, dates of birth, driver's license details, Social Security numbers, passport numbers, and state ID numbers. This breach has led to potential identity theft, with plaintiffs reporting fraudulent activities such as unauthorized credit card accounts and subscription services. One former employee, for instance, had their identity used to spend approximately $5,000, and their PayPal account was compromised with multiple suspicious charges.
The delay in notifying customers, until September 24th, has raised questions about the effectiveness of Boyd Gaming's incident response plan. The company's failure to promptly inform affected individuals may have exacerbated the impact of the breach. The lawsuit also emphasizes the company's negligence in not having proper security measures in place to prevent such incidents.
Boyd Gaming has offered credit monitoring and identity-related services to affected customers, but the lawsuit argues that these measures are insufficient to compensate for the harm caused. The case is ongoing, with no future court hearings scheduled as of Monday afternoon, and the company has not commented on the lawsuit due to company policy.
