ACHS
Company Details
Linkedin ID:
aliante-casino-hotel
Employees number:
183
Number of followers:
1,196
NAICS:
713
Industry Type:
Homepage:
aliantecasinohotel.com
IP Addresses:
0
Company ID:
ALI_2591844
Scan Status:
In-progress
Aliante Casino + Hotel + Spa Company CyberSecurity Posture
aliantecasinohotel.com
Aliante Casino + Hotel + Spa is situated on more than 40 pristine acres within the Aliante master-planned community at Aliante Parkway and Interstate 215. The AAA Four Diamond Hotel features more than 200 hotel rooms and suites, five signature restaurants, a 650-seat showroom, more than 100,000 square feet of gaming space, a resort-style pool and a new 3,500-square-foot spa.
Aliante Casino + Hotel + Spa A.I CyberSecurity Scoring
ACHS Risk Score (AI oriented)Between 750 and 799
ACHS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ACHS Global Score (TPRM)XXXX
ACHS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ACHS Company CyberSecurity News & History
Past Incidents
6
Attack Types
1
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming Corporation, a Las Vegas-based casino operator, suffered a cyberattack resulting in unauthorized access to its internal IT systems. The breach led to the theft of sensitive data, primarily employee information and a limited number of other individuals' details. While the attack did not disrupt business operations or casino properties, the exfiltrated data included confidential employee records. The company has engaged federal law enforcement and external cybersecurity experts to investigate and mitigate the incident. Boyd Gaming holds cybersecurity insurance to cover related costs, including forensic analysis, legal claims, and regulatory fines. Despite the breach, the company does not anticipate a material adverse financial impact. The incident aligns with a broader trend of cyberattacks targeting Las Vegas casinos and government entities, though no group has claimed responsibility for this specific attack. Notification of affected parties and regulatory bodies is underway as part of the response protocol.
Boyd Gaming Corp.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming Corp., a major Las Vegas-based casino operator with 11 properties in the Las Vegas Valley and additional locations across 10 U.S. states, suffered a cyberattack in early September 2023 (reportedly between **September 5–7**). The breach involved unauthorized access and exfiltration of **employee data and records tied to a limited number of other individuals**, including customers and former employees. The company delayed notifying victims, with lawsuits alleging negligence in safeguarding personal information and failing to disclose the breach promptly. Multiple class-action lawsuits—filed by employees, ex-employees, and customers from Nevada, Texas, Louisiana, and Ohio—accuse Boyd of **breach of implied contract, negligence, invasion of privacy, and unjust enrichment**. The SEC filing confirmed data theft, but Boyd has not clarified whether ransomware was involved or if a ransom was paid. The incident impacts **thousands of individuals**, raising concerns over financial fraud, identity theft, and reputational damage to the company. Plaintiffs claim Boyd **intentionally obscured the breach’s scope**, including how hackers accessed sensitive data and the duration of unauthorized access.
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming Corporation, a major U.S. gambling and hospitality company operating 28 casinos and online gaming platforms, suffered a data breach in early September 2025. An unauthorized third party gained access to its internal IT systems between **September 5–7, 2025**, exfiltrating sensitive personally identifiable information (PII) of customers. The compromised data included **names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers (e.g., passports), and dates of birth**. The breach impacted thousands of individuals across multiple states, with **4,300 affected in Texas alone**. Boyd Gaming notified regulators, attorney general offices, and the **U.S. Securities and Exchange Commission (SEC)**. While the company offered **two years of free credit monitoring and identity protection services**, the exposure of high-risk PII (e.g., SSNs, driver’s licenses) poses significant long-term risks, including **identity theft, financial fraud, and unauthorized account access**. Legal firms are investigating potential class-action lawsuits, as affected individuals may be entitled to compensation for the **unauthorized exposure of their sensitive data**, even if no immediate fraud has occurred. The breach underscores vulnerabilities in Boyd Gaming’s cybersecurity defenses, particularly given the **targeted extraction of highly sensitive customer records** by external threat actors.
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming Corporation, a major casino and entertainment company, suffered a cyber breach in September 2025 where unauthorized actors infiltrated its internal systems and exfiltrated confidential data. The stolen information included employee records (such as Social Security numbers) and data from a limited number of other individuals. While casino and hotel operations remained unaffected, the breach triggered legal action from a former employee, Scott Levy, who filed a class-action lawsuit alleging negligence, breach of implied contract, and violations of Nevada’s Consumer Fraud Act. The lawsuit argues Boyd’s security measures were inadequate, as the company admitted personal data was stolen—not merely accessed. The incident follows a trend of escalating cyberattacks on the gaming sector, with prior high-profile cases like Caesars Entertainment (paid $15M ransom) and MGM Resorts (lost ~$100M in disruptions). Boyd is cooperating with cybersecurity experts and law enforcement, but the breach underscores growing legal, financial, and reputational risks tied to data exposure in the industry.
Boyd Gaming
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming, a major casino entertainment company, suffered a cyber breach where an unauthorized third party infiltrated its IT systems and exfiltrated sensitive data belonging to current/former employees and a limited number of customers. The breach has triggered five class-action lawsuits, with plaintiffs—including employees and customers—alleging negligence in cybersecurity safeguards. The stolen data reportedly includes personal information, leading to increased spam calls and phishing attempts for affected individuals. While Boyd Gaming confirmed the incident in an SEC filing and claimed casino operations remained unaffected, it has not disclosed the exact timeline, scope of stolen data, or whether a ransom was paid. The company is relying on cybersecurity insurance to cover investigation costs, lawsuits, and potential regulatory fines. The breach aligns with a broader trend of cyberattacks targeting Nevada’s gaming industry, following similar incidents at MGM Resorts and Caesars Entertainment in 2023.
Boyd Gaming
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming suffered a cyberattack where hackers infiltrated its IT systems, compromising sensitive data of **current and former employees** as well as **a limited number of customers**. The breach led to **five class-action lawsuits**, with plaintiffs alleging negligence in cybersecurity measures. Affected individuals reported **increased spam calls and phishing attempts**, while the company failed to notify some victims directly. Though casino operations remained unaffected, the breach exposed **personal and employment-related data**, triggering legal, financial, and reputational repercussions. The incident aligns with a broader trend of cyberattacks targeting Nevada’s gaming sector, including prior breaches at MGM Resorts and Caesars Entertainment. Boyd Gaming acknowledged the attack in a regulatory filing but did not disclose whether ransomware was involved or if a ransom was paid. The company is relying on cybersecurity insurance to cover costs, including investigations and potential penalties.
ACHS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ACHS
Incidents vs Gambling Facilities and Casinos Industry Average (This Year)
No incidents recorded for Aliante Casino + Hotel + Spa in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Aliante Casino + Hotel + Spa in 2025.
Incident Types ACHS vs Gambling Facilities and Casinos Industry Avg (This Year)
No incidents recorded for Aliante Casino + Hotel + Spa in 2025.
Incident History — ACHS (X = Date, Y = Severity)
ACHS cyber incidents detection timeline including parent company and subsidiaries
ACHS Company Subsidiaries
Aliante Casino + Hotel + Spa is situated on more than 40 pristine acres within the Aliante master-planned community at Aliante Parkway and Interstate 215. The AAA Four Diamond Hotel features more than 200 hotel rooms and suites, five signature restaurants, a 650-seat showroom, more than 100,000 square feet of gaming space, a resort-style pool and a new 3,500-square-foot spa.
Loading...
ACHS Similar Companies
NRT Technology Corp.
NRT is a global technology leader in the design and development of next-generation fin-tech and guest and player engagement platforms. Enabling millions of unique guest services for enterprise gaming operators both. Our solution portfolio include secure payment systems, Integration Casino Resort Mob
Belterra Casino Resort
Nestled in the heart of Indiana, Belterra Casino Resort is the every day escape for Indiana, Kentucky and Ohio. Belterra is just a short drive from Cincinnati, Lexington, Louisville and Indianapolis boasting over 600 guest rooms & suites, high-end shopping, concerts, meetings rooms, delicious restau
Shoalwater Bay Casino
Nestled on the North rim of scenic Willapa Bay in Tokeland, Washington Shoalwater Bay Casino is the best kept secret on Washington's South Beach. With slots, table games, a lounge and a fantastic buffet our small and friendly casino is the fun for everyone. We offer ocean front rooms at Tradewinds O
Genesis Global Limited
Genesis Global is a leading, mobile-first global gaming operator, with a 20 brand strong casino portfolio. Headquartered in Malta, with offices in Gdańsk, Poland and Gibraltar, Genesis is a fast-paced team of experts dedicated to bringing innovative and unique entertainment experiences. Founded in
Tioga Downs Casino Resort
Tioga Downs Casino Resort is 100% smoke-free with 160 spacious guestrooms & suite accommodations that overlook the beautiful rolling hills of the Southern Tier. Our convenient inside access to the adjoining casino featuring 890 slot machines, 28 table games & a poker room, just a few steps away! Wit
ZEbetting & Gaming Nederland BV
ZEbetting & Gaming Nederland BV opereert in Nederland onder het merknaam Runnerz en is onderdeel van Groupe ZEturf Frankrijk. Runnerz is in Nederland de enige vergunninghouder voor het organiseren (verkopen) van weddenschappen op binnenlandse en buitenlandse paardenraces via het zogeheten totalisato
.png)
ACHS CyberSecurity News
November 27, 2025 09:05 PM
Examining Palo Alto Networks After Recent Share Price Decline and Cybersecurity Partnerships
Thinking about whether Palo Alto Networks is a buy right now? If you have even a hint of curiosity about the stock's value,...
November 27, 2025 08:56 PM
Virtual Infosec Africa and Exabeam launch AI-driven monthly-subscription cybersecurity solution for businesses
By Juliet ETEFE ([email protected]) Virtual Infosec Africa (VIA), in partnership with global cybersecurity firm Exabeam, has launched Ghana's...
November 27, 2025 08:42 PM
DIG Mohit Chawla recognised for excellence in cybersecurity
Mohit Chawla, Deputy Inspector General (DIG) of Himachal Pradesh Police, has been honoured with the Chief Information Security Officer...
November 27, 2025 07:43 PM
Cybersecurity expert warns of online shopping scams ahead of Black Friday weekend
CINCINNATI (WXIX) -As Black Friday weekend approaches, cybersecurity experts are warning shoppers about increased online scams targeting...
November 27, 2025 07:35 PM
Fasken’s Noteworthy News: Privacy & Cybersecurity in Canada, the US and the EU (November 2025)
There have been a lot of updates in privacy and cybersecurity in the last month. Read on to find out what they are.
November 27, 2025 07:30 PM
Cybersecurity experts alarmed by Snapchat's age-verification plan
As the social media ban for kids under 16 approaches, popular messaging app Snapchat says young people will be able to verify their age by...
November 27, 2025 07:00 PM
Protect Your Data This Thanksgiving! 🦃 The holidays bring more than just food and fun—they also bring a rise in cybercrime. From fake shopping deals to fraudulent charity donations, cybercriminals know the holiday season can make us distracted and rushed
November 27, 2025 07:00 PM
Zero Trust Architecture 2025: The Ultimate Cybersecurity Shield for Modern Enterprises
Zero Trust Architecture (ZTA) is the future of cybersecurity — it is more than just a catchphrase, but recognizes that “there is no user or...
November 27, 2025 05:20 PM
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
A 15‑year‑old in Jordan who goes by the handle “Rey” online has been allegedly identified as a key figure in the hacking crew Scattered...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ACHS CyberSecurity History Information
Official Website of Aliante Casino + Hotel + Spa
The official website of Aliante Casino + Hotel + Spa is http://www.aliantecasinohotel.com.
Aliante Casino + Hotel + Spa’s AI-Generated Cybersecurity Score
According to Rankiteo, Aliante Casino + Hotel + Spa’s AI-generated cybersecurity score is 767, reflecting their Fair security posture.
How many security badges does Aliante Casino + Hotel + Spa’ have ?
According to Rankiteo, Aliante Casino + Hotel + Spa currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Aliante Casino + Hotel + Spa have SOC 2 Type 1 certification ?
According to Rankiteo, Aliante Casino + Hotel + Spa is not certified under SOC 2 Type 1.
Does Aliante Casino + Hotel + Spa have SOC 2 Type 2 certification ?
According to Rankiteo, Aliante Casino + Hotel + Spa does not hold a SOC 2 Type 2 certification.
Does Aliante Casino + Hotel + Spa comply with GDPR ?
According to Rankiteo, Aliante Casino + Hotel + Spa is not listed as GDPR compliant.
Does Aliante Casino + Hotel + Spa have PCI DSS certification ?
According to Rankiteo, Aliante Casino + Hotel + Spa does not currently maintain PCI DSS compliance.
Does Aliante Casino + Hotel + Spa comply with HIPAA ?
According to Rankiteo, Aliante Casino + Hotel + Spa is not compliant with HIPAA regulations.
Does Aliante Casino + Hotel + Spa have ISO 27001 certification ?
According to Rankiteo,Aliante Casino + Hotel + Spa is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Aliante Casino + Hotel + Spa
Aliante Casino + Hotel + Spa operates primarily in the Gambling Facilities and Casinos industry.
Number of Employees at Aliante Casino + Hotel + Spa
Aliante Casino + Hotel + Spa employs approximately 183 people worldwide.
Subsidiaries Owned by Aliante Casino + Hotel + Spa
Aliante Casino + Hotel + Spa presently has no subsidiaries across any sectors.
Aliante Casino + Hotel + Spa’s LinkedIn Followers
Aliante Casino + Hotel + Spa’s official LinkedIn profile has approximately 1,196 followers.
Aliante Casino + Hotel + Spa’s Presence on Crunchbase
No, Aliante Casino + Hotel + Spa does not have a profile on Crunchbase.
Aliante Casino + Hotel + Spa’s Presence on LinkedIn
Yes, Aliante Casino + Hotel + Spa maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/aliante-casino-hotel.
Cybersecurity Incidents Involving Aliante Casino + Hotel + Spa
As of November 27, 2025, Rankiteo reports that Aliante Casino + Hotel + Spa has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
Aliante Casino + Hotel + Spa has an estimated 895 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Aliante Casino + Hotel + Spa ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Aliante Casino + Hotel + Spa detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with federal law enforcement, third party assistance with external cybersecurity experts, and and communication strategy with sec form 8-k filing, communication strategy with regulatory notifications, communication strategy with affected party notifications, and and third party assistance with leading external cybersecurity experts, and and communication strategy with sec filing, communication strategy with notifying affected individuals, communication strategy with regulatory disclosures, and incident response plan activated with yes (investigation conducted), and remediation measures with notification of affected individuals, remediation measures with regulatory disclosures (sec filing), and communication strategy with delayed victim notification, communication strategy with sec filing on 2023-09-23, and and third party assistance with leading cybersecurity experts, and and communication strategy with public disclosure via securities regulators filing, and incident response plan activated with yes (with assistance from external cybersecurity experts), and third party assistance with yes (leading external cybersecurity experts), and law enforcement notified with yes (cooperation with federal law enforcement), and communication strategy with sec filing (2023-09-23), communication strategy with no direct notification to all affected individuals (e.g., scott levy not notified), and incident response plan activated with yes (with external cybersecurity experts), and third party assistance with yes (external cybersecurity experts), and law enforcement notified with yes (federal law enforcement), and recovery measures with offered two years of free credit monitoring and identity protection (via idx, including dark web monitoring and identity recovery services), and communication strategy with notifications sent to affected individuals, regulators, and state attorney general offices; sec filing..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on Boyd Gaming Corporation
Description: Las Vegas-based casino operator Boyd Gaming Corporation confirmed a cyberattack resulting in unauthorized access to its internal IT systems and theft of sensitive data, including employee information. The breach was disclosed in a Form 8-K filing to the U.S. SEC. While no operational disruptions occurred, data exfiltration included employee and limited third-party information. Federal law enforcement and external cybersecurity experts are investigating. The company expects its cybersecurity insurance to cover related costs and does not anticipate material financial impact.
Date Publicly Disclosed: 2025-09-24
Type: Data Breach
Title: Boyd Gaming Corporation Data Breach (2025)
Description: Boyd Gaming Corporation, a major casino and entertainment company, disclosed a cybersecurity breach in September 2025 where unauthorized actors stole confidential employee and customer data. The breach prompted a lawsuit alleging negligence, while the company assured that casino and hotel operations remained unaffected. Boyd enlisted external cybersecurity experts and federal law enforcement to investigate the incident, which is part of a broader trend of cyberattacks targeting the gaming sector.
Date Publicly Disclosed: 2025-09-23
Type: Data Breach
Motivation: Data TheftPotential Financial GainFraud/Identity Theft
Title: Boyd Gaming Corp. Data Breach (September 2023)
Description: A cyberattack against Boyd Gaming Corp., a Las Vegas-based casino company, resulted in the theft of personally identifying information (PII) of employees, ex-employees, and customers. The breach was discovered in early September 2023, with unauthorized activity occurring between September 5–7. The company delayed notifying victims and has faced multiple class-action lawsuits alleging negligence, failure to safeguard data, and lack of transparency. The attackers exfiltrated employee data and records tied to a limited number of other individuals. Boyd operates 11 casinos in Las Vegas and nearly a dozen other gaming locations across 10 U.S. states.
Date Detected: 2023-09-06
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Motivation: Data TheftFinancial Gain
Title: Boyd Gaming Data Breach and Multiple Lawsuits
Description: Boyd Gaming admitted that hackers infiltrated its IT infrastructure, compromising sensitive data involving employees and other individuals connected to the company. The breach led to multiple class-action lawsuits alleging inadequate cybersecurity measures. The company acknowledged the attack on September 23, confirming unauthorized access to employee and limited third-party data. Casino operations remained unaffected, and Boyd Gaming is relying on cybersecurity insurance to cover breach-related costs.
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Title: Boyd Gaming Data Breach and Class-Action Lawsuits
Description: Boyd Gaming admitted that hackers breached their IT systems and stole sensitive employee and customer data, leading to five class-action lawsuits. The breach exposed personal information, with plaintiffs alleging inadequate cybersecurity measures. The company acknowledged the incident in an SEC filing and stated it is cooperating with law enforcement and cybersecurity experts. Casino operations were reportedly unaffected, and Boyd believes its cybersecurity insurance will cover related costs, including lawsuits and potential fines. The exact timeline, data types stolen, and whether a ransom was paid remain undisclosed.
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Motivation: Financial GainData Theft
Title: Boyd Gaming Corporation Data Breach (2025)
Description: Boyd Gaming Corporation, a major American gambling and hospitality company, experienced a cybersecurity incident in September 2025 involving unauthorized access to its internal IT systems. An unauthorized third party exfiltrated sensitive personally identifiable information (PII) of individuals, including names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers, and dates of birth. The breach impacted at least 4,325 individuals across multiple states, with notifications sent to regulators, attorney general offices, and the U.S. Securities and Exchange Commission (SEC). Boyd Gaming is offering two years of free credit monitoring and identity protection services to affected individuals.
Date Detected: 2025-09-06
Type: Data Breach
Threat Actor: Unauthorized third party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BOY3392633092425
Data Compromised: Employee information, Limited third-party data
Systems Affected: Internal IT Systems
Downtime: None
Operational Impact: None
Identity Theft Risk: Potential (Employee Data)
Incident : Data Breach BOY1692216092925
Data Compromised: Employee records, Customer records, Social security numbers, Personally identifiable information (pii)
Systems Affected: Internal IT Systems
Operational Impact: None (casino and hotel operations remained unaffected)
Brand Reputation Impact: Moderate (legal action and regulatory scrutiny)
Legal Liabilities: Lawsuit filed by former employee (Scott Levy)Potential class actionAllegations of negligence, breach of implied contract, unjust enrichment, and violations of the Nevada Consumer Fraud Act
Identity Theft Risk: High (Social Security numbers and sensitive data exposed)
Incident : Data Breach BOY5992559100125
Data Compromised: Personally identifiable information (pii), Employee records
Customer Complaints: ['Multiple Lawsuits Filed']
Brand Reputation Impact: Negative PublicityLoss of Trust
Legal Liabilities: Four Class-Action Lawsuits (Nevada, Louisiana, Texas, Ohio)Allegations of NegligenceBreach of Implied ContractInvasion of Privacy
Identity Theft Risk: ['High (PII Exposed)']
Incident : Data Breach BOY0532805100225
Systems Affected: IT infrastructure
Operational Impact: None (casino operations remained unaffected)
Customer Complaints: True
Legal Liabilities: Multiple class-action lawsuits filed
Identity Theft Risk: True
Incident : Data Breach BOY5993359100225
Data Compromised: Employee data, Customer data
Systems Affected: Internal IT Systems
Operational Impact: None (casino operations unaffected)
Customer Complaints: Increase in spam calls and phishing texts reported by at least one plaintiff (Scott Levy)
Brand Reputation Impact: Negative (multiple class-action lawsuits filed, allegations of inadequate cybersecurity)
Legal Liabilities: Five class-action lawsuits filedPotential regulatory fines
Identity Theft Risk: High (plaintiffs report increased spam/phishing attempts)
Incident : Data Breach BOY1002810100425
Data Compromised: Name of individual, Address, Social security number, Driver’s license number, Government-issued id number (e.g., passport, state id card), Date of birth
Systems Affected: Internal IT systems
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive customer data
Legal Liabilities: Potential lawsuits and regulatory scrutiny (e.g., SEC, state attorneys general)
Identity Theft Risk: High (due to exposure of SSNs, driver’s license numbers, and other PII)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Information, Third-Party Personal Data, , Employee Data, Customer Data, Social Security Numbers, Pii, , Personally Identifiable Information (Pii), Employee Records, , Employee Data, Limited Third-Party Data, , Employee Data, Customer Data, Personally Identifiable Information (Pii), , Personally Identifiable Information (Pii), Sensitive Identification Documents and .
Which entities were affected by each incident ?
Incident : Data Breach BOY3392633092425
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Size: 16,000+ employees, $3.9B annual revenue (2024)
Customers Affected: Limited number of individuals (beyond employees)
Incident : Data Breach BOY1692216092925
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gaming, Hospitality, Entertainment
Location: Las Vegas, Nevada, USA
Size: Large (operates 11 casinos in Las Vegas Valley and nearly a dozen more across 10 states)
Customers Affected: Limited number of individuals (employees and customers)
Incident : Data Breach BOY5992559100125
Entity Name: Boyd Gaming Corp.
Entity Type: Corporation
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Size: Large (11 casinos in Las Vegas Valley, ~12 other locations across 10 states)
Customers Affected: Thousands (employees, ex-employees, and customers)
Incident : Data Breach BOY0532805100225
Entity Name: Boyd Gaming
Entity Type: Corporation
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Customers Affected: True
Incident : Data Breach BOY5993359100225
Entity Name: Boyd Gaming
Entity Type: Public Company
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Customers Affected: Limited number of individuals (exact count undisclosed)
Incident : Data Breach BOY1002810100425
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gambling and Hospitality
Location: Paradise, Nevada, USA
Size: Large (28 casinos and entertainment properties across 10 states, plus online gaming operations)
Customers Affected: 4,325+ (e.g., 4,300 in Texas, 25 in Maine)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BOY3392633092425
Incident Response Plan Activated: True
Third Party Assistance: Federal Law Enforcement, External Cybersecurity Experts.
Communication Strategy: SEC Form 8-K FilingRegulatory NotificationsAffected Party Notifications
Incident : Data Breach BOY1692216092925
Incident Response Plan Activated: True
Third Party Assistance: Leading External Cybersecurity Experts.
Communication Strategy: SEC filingNotifying affected individualsRegulatory disclosures
Incident : Data Breach BOY5992559100125
Incident Response Plan Activated: Yes (Investigation Conducted)
Remediation Measures: Notification of Affected IndividualsRegulatory Disclosures (SEC Filing)
Communication Strategy: Delayed Victim NotificationSEC Filing on 2023-09-23
Incident : Data Breach BOY0532805100225
Incident Response Plan Activated: True
Third Party Assistance: Leading Cybersecurity Experts.
Communication Strategy: Public disclosure via securities regulators filing
Incident : Data Breach BOY5993359100225
Incident Response Plan Activated: Yes (with assistance from external cybersecurity experts)
Third Party Assistance: Yes (leading external cybersecurity experts)
Law Enforcement Notified: Yes (cooperation with federal law enforcement)
Communication Strategy: SEC filing (2023-09-23)No direct notification to all affected individuals (e.g., Scott Levy not notified)
Incident : Data Breach BOY1002810100425
Incident Response Plan Activated: Yes (with external cybersecurity experts)
Third Party Assistance: Yes (external cybersecurity experts)
Law Enforcement Notified: Yes (federal law enforcement)
Recovery Measures: Offered two years of free credit monitoring and identity protection (via IDX, including dark web monitoring and identity recovery services)
Communication Strategy: Notifications sent to affected individuals, regulators, and state attorney general offices; SEC filing
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (Investigation Conducted), , Yes (with assistance from external cybersecurity experts), Yes (with external cybersecurity experts).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Federal Law Enforcement, External Cybersecurity Experts, , Leading external cybersecurity experts, , Leading cybersecurity experts, , Yes (leading external cybersecurity experts), Yes (external cybersecurity experts).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BOY3392633092425
Type of Data Compromised: Employee information, Third-party personal data
Sensitivity of Data: High (Personally Identifiable Information)
Incident : Data Breach BOY1692216092925
Type of Data Compromised: Employee data, Customer data, Social security numbers, Pii
Sensitivity of Data: High
Incident : Data Breach BOY5992559100125
Type of Data Compromised: Personally identifiable information (pii), Employee records
Number of Records Exposed: Several Thousand
Sensitivity of Data: High (PII)
Data Exfiltration: Yes
Personally Identifiable Information: NamesEmployee DataCustomer Data (potential)
Incident : Data Breach BOY0532805100225
Type of Data Compromised: Employee data, Limited third-party data
Sensitivity of Data: High (personal information)
Incident : Data Breach BOY5993359100225
Type of Data Compromised: Employee data, Customer data, Personally identifiable information (pii)
Sensitivity of Data: High (described as a 'treasure trove' of private information)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Incident : Data Breach BOY1002810100425
Type of Data Compromised: Personally identifiable information (pii), Sensitive identification documents
Number of Records Exposed: 4,325+ (exact total undisclosed)
Sensitivity of Data: High (includes SSNs, driver’s license numbers, and government-issued IDs)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (names, addresses, SSNs, driver’s license numbers, government-issued IDs, dates of birth)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Notification of Affected Individuals, Regulatory Disclosures (SEC Filing), .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach BOY3392633092425
Data Exfiltration: True
Incident : Data Breach BOY1692216092925
Data Exfiltration: True
Incident : Data Breach BOY5992559100125
Data Exfiltration: Yes
Incident : Data Breach BOY0532805100225
Data Exfiltration: True
Incident : Data Breach BOY5993359100225
Data Exfiltration: Yes
Incident : Data Breach BOY1002810100425
Data Exfiltration: Yes
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Offered two years of free credit monitoring and identity protection (via IDX, including dark web monitoring and identity recovery services).
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach BOY3392633092425
Regulatory Notifications: U.S. Securities and Exchange Commission (SEC)Relevant Government Agencies
Incident : Data Breach BOY1692216092925
Regulations Violated: Potential violations of the Nevada Consumer Fraud Act,
Legal Actions: Lawsuit by Scott Levy (former employee), Potential class action,
Regulatory Notifications: U.S. Securities and Exchange Commission (SEC)Regulators and government agencies (ongoing)
Incident : Data Breach BOY5992559100125
Legal Actions: Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada),
Regulatory Notifications: SEC Filing (2023-09-23)Planned Notifications to Regulators/Government Agencies
Incident : Data Breach BOY0532805100225
Legal Actions: Five class-action lawsuits filed by four law firms,
Regulatory Notifications: Securities regulators filing
Incident : Data Breach BOY5993359100225
Legal Actions: Five class-action lawsuits filed (as of reporting),
Regulatory Notifications: SEC filing (2023-09-23)
Incident : Data Breach BOY1002810100425
Legal Actions: Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.)
Regulatory Notifications: State attorney general offices (e.g., Texas, Maine)U.S. Securities and Exchange Commission (SEC)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Lawsuit by Scott Levy (former employee), Potential class action, , Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada), , Five class-action lawsuits filed by four law firms, , Five class-action lawsuits filed (as of reporting), , Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.).
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach BOY1002810100425
Recommendations: Monitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affected
References
Where can I find more information about each incident ?
Incident : Data Breach BOY3392633092425
Source: Boyd Gaming Corporation SEC Form 8-K Filing
Date Accessed: 2025-09-24
Incident : Data Breach BOY3392633092425
Source: Media Reports on Las Vegas Cyberattacks (2023-2025)
Date Accessed: 2025-09-24
Incident : Data Breach BOY1692216092925
Source: U.S. Securities and Exchange Commission (SEC) Filing
Date Accessed: 2025-09-23
Incident : Data Breach BOY1692216092925
Source: U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation)
Incident : Data Breach BOY1692216092925
Source: Cybersecurity Analyst Reports on Casino Industry Targeting
Incident : Data Breach BOY1692216092925
Source: Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023)
Incident : Data Breach BOY5992559100125
Source: Las Vegas Review-Journal
Incident : Data Breach BOY5992559100125
Source: U.S. Securities and Exchange Commission (SEC) Filing
Date Accessed: 2023-09-23
Incident : Data Breach BOY0532805100225
Source: Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach
Incident : Data Breach BOY5993359100225
Source: Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming)
Incident : Data Breach BOY5993359100225
Source: News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches)
Incident : Data Breach BOY1002810100425
Source: Shamis & Gentile P.A. Investigation Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Boyd Gaming Corporation SEC Form 8-K FilingDate Accessed: 2025-09-24, and Source: Media Reports on Las Vegas Cyberattacks (2023-2025)Date Accessed: 2025-09-24, and Source: U.S. Securities and Exchange Commission (SEC) FilingDate Accessed: 2025-09-23, and Source: U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation), and Source: Cybersecurity Analyst Reports on Casino Industry Targeting, and Source: Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023), and Source: Las Vegas Review-Journal, and Source: U.S. Securities and Exchange Commission (SEC) FilingDate Accessed: 2023-09-23, and Source: Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach, and Source: SEC Filing by Boyd GamingDate Accessed: 2023-09-23, and Source: Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming), and Source: News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches), and Source: Shamis & Gentile P.A. Investigation Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BOY3392633092425
Investigation Status: Ongoing (Federal Law Enforcement and External Experts Involved)
Incident : Data Breach BOY1692216092925
Investigation Status: Ongoing (collaboration with federal law enforcement and external cybersecurity experts)
Incident : Data Breach BOY5992559100125
Investigation Status: Ongoing (Lawsuits Pending)
Incident : Data Breach BOY0532805100225
Investigation Status: Ongoing (with federal law enforcement and cybersecurity experts)
Incident : Data Breach BOY5993359100225
Investigation Status: Ongoing (with external cybersecurity experts and federal law enforcement)
Incident : Data Breach BOY1002810100425
Investigation Status: Ongoing (external cybersecurity experts and law enforcement involved)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Sec Form 8-K Filing, Regulatory Notifications, Affected Party Notifications, Sec Filing, Notifying Affected Individuals, Regulatory Disclosures, Delayed Victim Notification, Sec Filing On 2023-09-23, Public Disclosure Via Securities Regulators Filing, Sec Filing (2023-09-23), No Direct Notification To All Affected Individuals (E.G., Scott Levy Not Notified), Notifications sent to affected individuals, regulators and and state attorney general offices; SEC filing.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BOY3392633092425
Stakeholder Advisories: Sec Filing, Regulatory Notifications.
Customer Advisories: Notifications to Affected Individuals
Incident : Data Breach BOY1692216092925
Stakeholder Advisories: Notification To Affected Individuals, Regulatory Disclosures.
Customer Advisories: Encouragement to monitor for fraud/identity theftLegal action considerations for affected parties
Incident : Data Breach BOY5992559100125
Stakeholder Advisories: Sec Filing, Victim Notification Letters.
Customer Advisories: Delayed Notifications to Affected Individuals
Incident : Data Breach BOY1002810100425
Stakeholder Advisories: Notifications sent to affected individuals, regulators, and state attorneys general
Customer Advisories: Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Sec Filing, Regulatory Notifications, Notifications To Affected Individuals, , Notification To Affected Individuals, Regulatory Disclosures, Encouragement To Monitor For Fraud/Identity Theft, Legal Action Considerations For Affected Parties, , Sec Filing, Victim Notification Letters, Delayed Notifications To Affected Individuals, , Notifications sent to affected individuals, regulators, and state attorneys general and Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BOY3392633092425
High Value Targets: Employee Data, Internal It Systems,
Data Sold on Dark Web: Employee Data, Internal It Systems,
Incident : Data Breach BOY1692216092925
High Value Targets: Employee Data, Customer Data,
Data Sold on Dark Web: Employee Data, Customer Data,
Incident : Data Breach BOY5992559100125
High Value Targets: Employee Data, Customer Pii,
Data Sold on Dark Web: Employee Data, Customer Pii,
Incident : Data Breach BOY5993359100225
High Value Targets: Employee Data, Customer Data,
Data Sold on Dark Web: Employee Data, Customer Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach BOY5992559100125
Root Causes: Inadequate Data Protection Measures, Delayed Incident Response,
Incident : Data Breach BOY0532805100225
Root Causes: Alleged Inadequate Cybersecurity Measures,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Federal Law Enforcement, External Cybersecurity Experts, , Leading External Cybersecurity Experts, , Leading Cybersecurity Experts, , , .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-09-06.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Employee Information, Limited Third-Party Data, , Employee Records, Customer Records, Social Security Numbers, Personally Identifiable Information (PII), , Personally Identifiable Information (PII), Employee Records, , , Employee Data, Customer Data, , Name of individual, Address, Social Security number, Driver’s license number, Government-issued ID number (e.g., passport, state ID card), Date of birth and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal IT Systems and Internal IT Systems and IT infrastructure and Internal IT Systems and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was federal law enforcement, external cybersecurity experts, , leading external cybersecurity experts, , leading cybersecurity experts, , , .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Employee Data, Limited Third-Party Data, Date of birth, Social Security number, Name of individual, Driver’s license number, Personally Identifiable Information (PII), Customer Data, Employee Records, Employee Information, Customer Records, Address, Government-issued ID number (e.g., passport, state ID card) and Social Security Numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.3K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Lawsuit by Scott Levy (former employee), Potential class action, , Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada), , Five class-action lawsuits filed by four law firms, , Five class-action lawsuits filed (as of reporting), , Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.).
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Monitor credit reports and accounts for suspicious activity, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Place a fraud alert or security freeze on credit files and Consider legal action if affected.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach, Shamis & Gentile P.A. Investigation Notice, Boyd Gaming Corporation SEC Form 8-K Filing, Cybersecurity Analyst Reports on Casino Industry Targeting, Las Vegas Review-Journal, SEC Filing by Boyd Gaming, Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023), U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation), News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches), U.S. Securities and Exchange Commission (SEC) Filing, Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming) and Media Reports on Las Vegas Cyberattacks (2023-2025).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Federal Law Enforcement and External Experts Involved).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was SEC Filing, Regulatory Notifications, Notification to affected individuals, Regulatory disclosures, SEC Filing, Victim Notification Letters, Notifications sent to affected individuals, regulators, and state attorneys general, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Notifications to Affected Individuals, Encouragement to monitor for fraud/identity theftLegal action considerations for affected parties, Delayed Notifications to Affected Individuals and Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Inadequate Data Protection MeasuresDelayed Incident Response, Alleged inadequate cybersecurity measures.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=aliante-casino-hotel' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
