Boyd Gaming now faces five separate lawsuits following a September data breach. Former employee Scott Levy filed first on September 25 in US District Court. Four more plaintiffs submitted their cases on September 30.
The plaintiffs live across different states. Levy resides in Las Vegas, where Boyd runs 14 casino properties. Another Las Vegas resident joined the September 30 filings.
The remaining three plaintiffs filed from Ohio, Texas and Louisiana. All five cases seek class action status. That would bring thousands of current workers, former employees and customers into the legal proceedings.
Why This Data Breach Sparked Multiple Lawsuits
Boyd told the Securities and Exchange Commission about the incident on September 23. But the lawsuits claim the breach actually happened between September 5-7. That’s a two-week gap between the attack and the disclosure.
One filing goes further. It accuses Boyd of knowing about the breach well before the SEC notification. “While defendant claims to have discovered the breach as early as Sept. 6, defendant did not begin informing victims of the data breach until much later,” the lawsuit states.
The complaint adds another concern. Boyd “failed to inform victims when or for how long the data breach occurred.”
The plaintiffs argue this delay left them vulnerable. “Representative plaintiff and class members were wholly unaware of the data breach until they received letters from defendant informing them of it,” according to court documents.
What Hackers Took From Boyd’s Systems
The SEC filing from September 23 confirmed hackers removed employee information and records from Boyd’s systems. The company didn’t specify exactly what data got stolen. It also hasn’t revealed how many people were affected.
Boyd began notifying victims the same day it filed with the SEC. The operator says it alerted all required regulators and government agencies as the law demands.
The company still hasn’t publicly revealed when the breach originally occurred. The lawsuits fill that gap, claiming it happened during a three-day window in early September.
How Boyd’s Handling This Legal Challenge
The operator maintains a standard policy on pending litigation. It won’t comment on active legal cases. That policy extends to these five breach-related lawsuits.
The timing creates additional pressure for Boyd. Fanatics Betting and Gaming partnered with the operator on August 25. That multi-year deal aims to expand retail and online sportsbook operations into Missouri.
The lawsuits now threaten to complicate Boyd’s business across multiple states. Class action status could significantly increase the company’s financial exposure from this security incident. The plaintiffs are seeking damages for what they describe as inadequate data protection and delayed notification.
