The Target: Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states.
The Take: The threat actors were able to steal data from the company's systems, which includes information about employees and individuals.
The Vector: In a new 8-K form filed with the US Securities and Exchange Commission (SEC), the company said it experienced a cybersecurity “incident” in which unauthorized third parties accessed its IT system.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.