Are you familiar with Boyd Gaming? This major casino and entertainment company in the U.S. just announced a cyberattack where an unspecified level of personal data was compromised. Let's interpret this from our perspective.
• The data that was taken included employee information, but also some data regarding “other individuals.”
• As of now, it does not appear that the full customer records were compromised.
• Boyd Gaming post-notification retained the services of outside cybersecurity firms, notified law enforcement agencies, and began sending letters to individuals that could be potential victims.
1. Employee data is frequently targeted. Large organizations hold much personal information and have a target on their back.
2. Companies have to report breaches. Boyd was required to file an official notice with regulators so that individuals would be made aware of what happened.
3. Insurance is great, but trust is easily broken. Money can be replaced, but trust is damaged and often hard to rebuild.
• What specific information was taken (did they just take names, or were bank or health records included?).
• Who the “other people” are besides employees.
• Who the cybercriminal hackers were (no one has yet claimed to have done it).
And for us? Think about your information that you give to various companies: you should always ask yourself if the company that you’re dealing with takes your personal information as seriously as they’re supposed to.
But the question we need to ask is whether or not companies are doing enough to protect our data (and should there be stricter regulations)? Something to consider the next time you share your information to anyone.
What Happened?
Boyd Gaming has casinos and hotels in multiple states with thousands of employees. The cyberattack involved hackers establishing access to Boyd’s systems and extracting data.• The data that was taken included employee information, but also some data regarding “other individuals.”
• As of now, it does not appear that the full customer records were compromised.
• Boyd Gaming post-notification retained the services of outside cybersecurity firms, notified law enforcement agencies, and began sending letters to individuals that could be potential victims.
What’s the Damage?
The good news is:- The hotels and casinos are still operational.
- They don’t think the attack will be damaging financially.
- They have cyber insurance to help with the costs.
Why It’s Important
You may be thinking, “Who cares? I don’t work for Boyd Gaming.” But these examples serve as a reminder for a few key notes:1. Employee data is frequently targeted. Large organizations hold much personal information and have a target on their back.
2. Companies have to report breaches. Boyd was required to file an official notice with regulators so that individuals would be made aware of what happened.
3. Insurance is great, but trust is easily broken. Money can be replaced, but trust is damaged and often hard to rebuild.
What We Don’t Know Yet
There are still some details we’re missing, such as:• What specific information was taken (did they just take names, or were bank or health records included?).
• Who the “other people” are besides employees.
• Who the cybercriminal hackers were (no one has yet claimed to have done it).
My Thoughts
If I was Boyd, I would work to improve preventative measures after an attack occurs: regular systems checks, training employees on cybersecurity measures, and becoming more direct or transparent with customers.And for us? Think about your information that you give to various companies: you should always ask yourself if the company that you’re dealing with takes your personal information as seriously as they’re supposed to.
Final Thoughts
To sum it all up, Boyd Gaming had a cyberattack, hackers stole some employee (and other) personal data, Boyd says business is fine (no huge financial liabilities), and Boyd is working with external professional experts as well as the police to sort all of this out and remediate any losses.But the question we need to ask is whether or not companies are doing enough to protect our data (and should there be stricter regulations)? Something to consider the next time you share your information to anyone.