Boyd Gaming Data Breach Exposes Social Security Numbers

In early September 2025, Boyd Gaming experienced a significant cybersecurity incident involving the unauthorized removal of sensitive personal information from its internal systems. The company first became aware of the breach on Sept. 6, 2025, and, following a thorough investigation, determined that the unauthorized activity began on Sept. 5 and continued until Sept. 7.

The types of consumer information exposed in this incident include names, addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers (such as state ID cards and passports), and dates of birth.

According to filings with state and federal authorities, the breach affected at least 4,300 individuals in Texas and 25 in Maine, with additional notifications sent to residents in other states.

The company disclosed the incident to the California Attorney General, Maine Attorney General, Texas Attorney General, and Vermont Attorney General between Oct. 1 and Oct. 3, 2025.

Additionally, Boyd Gaming filed a Form 8-K with the Securities and Exchange Commission on Sept. 23, 2025, providing further transparency about the event.

The breach was the result of a cyberattack in which threat actors gained unauthorized access to Boyd Gaming’s internal IT systems.

Boyd Gaming's response

For those affected, Boyd Gaming began mailing notification letters on Sept. 24, 2025, offering impacted individuals two years of complimentary identity protection services through IDX. These services include credit monitoring, dark web monitoring, and identity recovery assistance. Impacted individuals have 90 days from the date of the letter to enroll in these services, using a unique enrollment code provided in the notification.

Given the nature of the information exposed—especially Social Security numbers and government-issued ID details—impacted individuals are strongly encouraged to remain vigilant for signs of identity theft or fraud. Boyd Gaming’s consumer notice provides detailed steps for monitoring credit reports, placing fraud alerts or security freezes, and contacting the Federal Trade Commission or state attorneys general for further guidance. Affected individuals should take advantage of the free credit monitoring and identity protection services offered, and regularly review their financial accounts and credit reports for suspicious activity.