SHC
Company Details
Linkedin ID:
suncoastcasino
Website:
Employees number:
376
Number of followers:
1,615
NAICS:
713
Industry Type:
Homepage:
suncoastcasino.com
IP Addresses:
0
Company ID:
SUN_4322716
Scan Status:
In-progress
Suncoast Hotel & Casino Company CyberSecurity Posture
suncoastcasino.com
Suncoast Hotel & Casino is located in the premier northwest area of Las Vegas and is surrounded by world-class golf. The property offers exclusive restaurants, fun gaming, deluxe accommodations, bowling, movie theaters, bingo and much more. It is "Las Vegas as it used to be" in the Suncoast's beautiful 500-seat showroom, a throwback to the showrooms of splendor that made Las Vegas famous.
Suncoast Hotel & Casino A.I CyberSecurity Scoring
SHC Risk Score (AI oriented)Between 750 and 799
SHC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SHC Global Score (TPRM)XXXX
SHC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SHC Company CyberSecurity News & History
Past Incidents
6
Attack Types
1
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming Corporation, a Las Vegas-based casino operator, suffered a cyberattack resulting in unauthorized access to its internal IT systems. The breach led to the theft of sensitive data, primarily employee information and a limited number of other individuals' details. While the attack did not disrupt business operations or casino properties, the exfiltrated data included confidential employee records. The company has engaged federal law enforcement and external cybersecurity experts to investigate and mitigate the incident. Boyd Gaming holds cybersecurity insurance to cover related costs, including forensic analysis, legal claims, and regulatory fines. Despite the breach, the company does not anticipate a material adverse financial impact. The incident aligns with a broader trend of cyberattacks targeting Las Vegas casinos and government entities, though no group has claimed responsibility for this specific attack. Notification of affected parties and regulatory bodies is underway as part of the response protocol.
Boyd Gaming Corp.
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming Corp., a major Las Vegas-based casino operator with 11 properties in the Las Vegas Valley and additional locations across 10 U.S. states, suffered a cyberattack in early September 2023 (reportedly between **September 5–7**). The breach involved unauthorized access and exfiltration of **employee data and records tied to a limited number of other individuals**, including customers and former employees. The company delayed notifying victims, with lawsuits alleging negligence in safeguarding personal information and failing to disclose the breach promptly. Multiple class-action lawsuits—filed by employees, ex-employees, and customers from Nevada, Texas, Louisiana, and Ohio—accuse Boyd of **breach of implied contract, negligence, invasion of privacy, and unjust enrichment**. The SEC filing confirmed data theft, but Boyd has not clarified whether ransomware was involved or if a ransom was paid. The incident impacts **thousands of individuals**, raising concerns over financial fraud, identity theft, and reputational damage to the company. Plaintiffs claim Boyd **intentionally obscured the breach’s scope**, including how hackers accessed sensitive data and the duration of unauthorized access.
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming Corporation, a major U.S. gambling and hospitality company operating 28 casinos and online gaming platforms, suffered a data breach in early September 2025. An unauthorized third party gained access to its internal IT systems between **September 5–7, 2025**, exfiltrating sensitive personally identifiable information (PII) of customers. The compromised data included **names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers (e.g., passports), and dates of birth**. The breach impacted thousands of individuals across multiple states, with **4,300 affected in Texas alone**. Boyd Gaming notified regulators, attorney general offices, and the **U.S. Securities and Exchange Commission (SEC)**. While the company offered **two years of free credit monitoring and identity protection services**, the exposure of high-risk PII (e.g., SSNs, driver’s licenses) poses significant long-term risks, including **identity theft, financial fraud, and unauthorized account access**. Legal firms are investigating potential class-action lawsuits, as affected individuals may be entitled to compensation for the **unauthorized exposure of their sensitive data**, even if no immediate fraud has occurred. The breach underscores vulnerabilities in Boyd Gaming’s cybersecurity defenses, particularly given the **targeted extraction of highly sensitive customer records** by external threat actors.
Boyd Gaming Corporation
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming Corporation, a major casino and entertainment company, suffered a cyber breach in September 2025 where unauthorized actors infiltrated its internal systems and exfiltrated confidential data. The stolen information included employee records (such as Social Security numbers) and data from a limited number of other individuals. While casino and hotel operations remained unaffected, the breach triggered legal action from a former employee, Scott Levy, who filed a class-action lawsuit alleging negligence, breach of implied contract, and violations of Nevada’s Consumer Fraud Act. The lawsuit argues Boyd’s security measures were inadequate, as the company admitted personal data was stolen—not merely accessed. The incident follows a trend of escalating cyberattacks on the gaming sector, with prior high-profile cases like Caesars Entertainment (paid $15M ransom) and MGM Resorts (lost ~$100M in disruptions). Boyd is cooperating with cybersecurity experts and law enforcement, but the breach underscores growing legal, financial, and reputational risks tied to data exposure in the industry.
Boyd Gaming
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Boyd Gaming, a major casino entertainment company, suffered a cyber breach where an unauthorized third party infiltrated its IT systems and exfiltrated sensitive data belonging to current/former employees and a limited number of customers. The breach has triggered five class-action lawsuits, with plaintiffs—including employees and customers—alleging negligence in cybersecurity safeguards. The stolen data reportedly includes personal information, leading to increased spam calls and phishing attempts for affected individuals. While Boyd Gaming confirmed the incident in an SEC filing and claimed casino operations remained unaffected, it has not disclosed the exact timeline, scope of stolen data, or whether a ransom was paid. The company is relying on cybersecurity insurance to cover investigation costs, lawsuits, and potential regulatory fines. The breach aligns with a broader trend of cyberattacks targeting Nevada’s gaming industry, following similar incidents at MGM Resorts and Caesars Entertainment in 2023.
Boyd Gaming
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Boyd Gaming suffered a cyberattack where hackers infiltrated its IT systems, compromising sensitive data of **current and former employees** as well as **a limited number of customers**. The breach led to **five class-action lawsuits**, with plaintiffs alleging negligence in cybersecurity measures. Affected individuals reported **increased spam calls and phishing attempts**, while the company failed to notify some victims directly. Though casino operations remained unaffected, the breach exposed **personal and employment-related data**, triggering legal, financial, and reputational repercussions. The incident aligns with a broader trend of cyberattacks targeting Nevada’s gaming sector, including prior breaches at MGM Resorts and Caesars Entertainment. Boyd Gaming acknowledged the attack in a regulatory filing but did not disclose whether ransomware was involved or if a ransom was paid. The company is relying on cybersecurity insurance to cover costs, including investigations and potential penalties.
SHC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SHC
Incidents vs Gambling Facilities and Casinos Industry Average (This Year)
No incidents recorded for Suncoast Hotel & Casino in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Suncoast Hotel & Casino in 2025.
Incident Types SHC vs Gambling Facilities and Casinos Industry Avg (This Year)
No incidents recorded for Suncoast Hotel & Casino in 2025.
Incident History — SHC (X = Date, Y = Severity)
SHC cyber incidents detection timeline including parent company and subsidiaries
SHC Company Subsidiaries
Suncoast Hotel & Casino is located in the premier northwest area of Las Vegas and is surrounded by world-class golf. The property offers exclusive restaurants, fun gaming, deluxe accommodations, bowling, movie theaters, bingo and much more. It is "Las Vegas as it used to be" in the Suncoast's beautiful 500-seat showroom, a throwback to the showrooms of splendor that made Las Vegas famous.
Loading...
SHC Similar Companies
PlayUp is a next generation entertainment and technology group that enriches the lives of people through entertaining, rewarding and responsible online betting. We develop innovative betting technologies in-house to power our brands and deliver world-class user experiences. Our energies are focused
Mohegan
Mohegan is the owner, developer and manager of premier entertainment resorts in the United States, Canada, and Northern Asia. Mohegan’s U.S. operations include resorts in Connecticut, Washington, Pennsylvania, New Jersey, and Nevada; Canadian operations are based in Niagara Falls; and Mohegan Inspir
Anaxi
Anaxi is creating a destination where players can enjoy the excitement of real money gaming with confidence. It’s live, real and ready to entertain. Proudly part of the Aristocrat family, we create gaming experiences that exceed expectations for our customers, players and industry partners, every t
Neds
Neds is Australia’s newest, most innovative online bookmaker and we have enjoyed a meteoric rise to prominence since first entering the market in October 2017. We strive to offer our clients the best online betting experience through market-leading innovation, lucrative and unique promotions and gr
Emperors Palace Hotel Casino Convention and Entertainment Resort
Conveniently situated alongside O.R. Tambo International Airport in Johannesburg, South Africa, Emperors Palace Hotel Casino Convention and Entertainment Resort combines timeless classical elegance and sheer excitement. With luxurious accommodation in four unique hotels, a glorious health and bea
ilani
Located on the Cowlitz Reservation in Ridgefield, Washington, ilani is the Pacific Northwest’s premier gaming, dining, entertainment, and meeting destination. With nearly 400,000 total square feet, ilani includes 100,000 square feet of gaming space with nearly 3,000 slots and 75 gaming tables, 15 di
.png)
SHC CyberSecurity News
October 30, 2025 07:00 AM
'We lost control of the narrative': Las Vegas casino executives address prices amid ongoing tourism slump
Is Las Vegas still a value? Are prices too high? Can people afford to still come to the valley? Those are questions that have been swirling...
October 13, 2025 07:00 AM
Downtown Tarpon Springs to get long-sought boutique hotel
The Tarpon Registry project, proposed by Infill Studio managing partners Casey Smith and Joe Harrington, will bring a 10,000-square-foot, two-...
October 03, 2025 07:00 AM
Gambler bets $10 on slot machine — and wins big jackpot at Las Vegas casino
A lucky gambler turned a $10 bet into a big prize at a Las Vegas casino. The visitor sat at a Dragon Cash slot machine Sept. 30 at Suncoast...
July 29, 2025 07:00 AM
Suncoast Casino Opens 9,000-Square-Foot Bingo Room in Major Makeover
The Suncoast Hotel & Casino in Las Vegas has officially opened a new bingo room as part of the new renovations.
July 28, 2025 07:00 AM
Boyd's Suncoast Casino unveils new bingo room as part of major property overhaul
Boyd Gaming's Suncoast Hotel and Casino will open its brand-new bingo room next weekend, with a grand opening event scheduled for August 2...
July 25, 2025 07:00 AM
Suncoast unveils all-new bingo room, part of property-wide transformation
Suncoast Hotel & Casino has unveiled its brand-new bingo room, the latest addition to the west Las Vegas property's ongoing transformation.
July 25, 2025 07:00 AM
Suncoast Hotel & Casino debuting new bingo room on August 2–3
The 9,170 sq ft space will be open daily from 10:30am – 10pm local time following its grand opening celebration on August 2–3. North America...
July 25, 2025 07:00 AM
This casino will debut its new bingo room early next month
The Suncoast's new bingo room will debut Aug. 2 at 10 am, with a special public event at the property at Alta Road and South Rampart Boulevard.
July 24, 2025 07:00 AM
Boyd Gaming’s locals casino-hotels see strongest quarterly growth in 2 years
The company reported Thursday that construction disruptions at its Suncoast property probably held back an even stronger locals performance...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SHC CyberSecurity History Information
Official Website of Suncoast Hotel & Casino
The official website of Suncoast Hotel & Casino is https://www.suncoastcasino.com/.
Suncoast Hotel & Casino’s AI-Generated Cybersecurity Score
According to Rankiteo, Suncoast Hotel & Casino’s AI-generated cybersecurity score is 768, reflecting their Fair security posture.
How many security badges does Suncoast Hotel & Casino’ have ?
According to Rankiteo, Suncoast Hotel & Casino currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Suncoast Hotel & Casino have SOC 2 Type 1 certification ?
According to Rankiteo, Suncoast Hotel & Casino is not certified under SOC 2 Type 1.
Does Suncoast Hotel & Casino have SOC 2 Type 2 certification ?
According to Rankiteo, Suncoast Hotel & Casino does not hold a SOC 2 Type 2 certification.
Does Suncoast Hotel & Casino comply with GDPR ?
According to Rankiteo, Suncoast Hotel & Casino is not listed as GDPR compliant.
Does Suncoast Hotel & Casino have PCI DSS certification ?
According to Rankiteo, Suncoast Hotel & Casino does not currently maintain PCI DSS compliance.
Does Suncoast Hotel & Casino comply with HIPAA ?
According to Rankiteo, Suncoast Hotel & Casino is not compliant with HIPAA regulations.
Does Suncoast Hotel & Casino have ISO 27001 certification ?
According to Rankiteo,Suncoast Hotel & Casino is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Suncoast Hotel & Casino
Suncoast Hotel & Casino operates primarily in the Gambling Facilities and Casinos industry.
Number of Employees at Suncoast Hotel & Casino
Suncoast Hotel & Casino employs approximately 376 people worldwide.
Subsidiaries Owned by Suncoast Hotel & Casino
Suncoast Hotel & Casino presently has no subsidiaries across any sectors.
Suncoast Hotel & Casino’s LinkedIn Followers
Suncoast Hotel & Casino’s official LinkedIn profile has approximately 1,615 followers.
Suncoast Hotel & Casino’s Presence on Crunchbase
No, Suncoast Hotel & Casino does not have a profile on Crunchbase.
Suncoast Hotel & Casino’s Presence on LinkedIn
Yes, Suncoast Hotel & Casino maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/suncoastcasino.
Cybersecurity Incidents Involving Suncoast Hotel & Casino
As of November 27, 2025, Rankiteo reports that Suncoast Hotel & Casino has experienced 6 cybersecurity incidents.
Number of Peer and Competitor Companies
Suncoast Hotel & Casino has an estimated 894 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Suncoast Hotel & Casino ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Suncoast Hotel & Casino detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with federal law enforcement, third party assistance with external cybersecurity experts, and and communication strategy with sec form 8-k filing, communication strategy with regulatory notifications, communication strategy with affected party notifications, and and third party assistance with leading external cybersecurity experts, and and communication strategy with sec filing, communication strategy with notifying affected individuals, communication strategy with regulatory disclosures, and incident response plan activated with yes (investigation conducted), and remediation measures with notification of affected individuals, remediation measures with regulatory disclosures (sec filing), and communication strategy with delayed victim notification, communication strategy with sec filing on 2023-09-23, and and third party assistance with leading cybersecurity experts, and and communication strategy with public disclosure via securities regulators filing, and incident response plan activated with yes (with assistance from external cybersecurity experts), and third party assistance with yes (leading external cybersecurity experts), and law enforcement notified with yes (cooperation with federal law enforcement), and communication strategy with sec filing (2023-09-23), communication strategy with no direct notification to all affected individuals (e.g., scott levy not notified), and incident response plan activated with yes (with external cybersecurity experts), and third party assistance with yes (external cybersecurity experts), and law enforcement notified with yes (federal law enforcement), and recovery measures with offered two years of free credit monitoring and identity protection (via idx, including dark web monitoring and identity recovery services), and communication strategy with notifications sent to affected individuals, regulators, and state attorney general offices; sec filing..
Incident Details
Can you provide details on each incident ?
Title: Cyberattack on Boyd Gaming Corporation
Description: Las Vegas-based casino operator Boyd Gaming Corporation confirmed a cyberattack resulting in unauthorized access to its internal IT systems and theft of sensitive data, including employee information. The breach was disclosed in a Form 8-K filing to the U.S. SEC. While no operational disruptions occurred, data exfiltration included employee and limited third-party information. Federal law enforcement and external cybersecurity experts are investigating. The company expects its cybersecurity insurance to cover related costs and does not anticipate material financial impact.
Date Publicly Disclosed: 2025-09-24
Type: Data Breach
Title: Boyd Gaming Corporation Data Breach (2025)
Description: Boyd Gaming Corporation, a major casino and entertainment company, disclosed a cybersecurity breach in September 2025 where unauthorized actors stole confidential employee and customer data. The breach prompted a lawsuit alleging negligence, while the company assured that casino and hotel operations remained unaffected. Boyd enlisted external cybersecurity experts and federal law enforcement to investigate the incident, which is part of a broader trend of cyberattacks targeting the gaming sector.
Date Publicly Disclosed: 2025-09-23
Type: Data Breach
Motivation: Data TheftPotential Financial GainFraud/Identity Theft
Title: Boyd Gaming Corp. Data Breach (September 2023)
Description: A cyberattack against Boyd Gaming Corp., a Las Vegas-based casino company, resulted in the theft of personally identifying information (PII) of employees, ex-employees, and customers. The breach was discovered in early September 2023, with unauthorized activity occurring between September 5–7. The company delayed notifying victims and has faced multiple class-action lawsuits alleging negligence, failure to safeguard data, and lack of transparency. The attackers exfiltrated employee data and records tied to a limited number of other individuals. Boyd operates 11 casinos in Las Vegas and nearly a dozen other gaming locations across 10 U.S. states.
Date Detected: 2023-09-06
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Motivation: Data TheftFinancial Gain
Title: Boyd Gaming Data Breach and Multiple Lawsuits
Description: Boyd Gaming admitted that hackers infiltrated its IT infrastructure, compromising sensitive data involving employees and other individuals connected to the company. The breach led to multiple class-action lawsuits alleging inadequate cybersecurity measures. The company acknowledged the attack on September 23, confirming unauthorized access to employee and limited third-party data. Casino operations remained unaffected, and Boyd Gaming is relying on cybersecurity insurance to cover breach-related costs.
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Title: Boyd Gaming Data Breach and Class-Action Lawsuits
Description: Boyd Gaming admitted that hackers breached their IT systems and stole sensitive employee and customer data, leading to five class-action lawsuits. The breach exposed personal information, with plaintiffs alleging inadequate cybersecurity measures. The company acknowledged the incident in an SEC filing and stated it is cooperating with law enforcement and cybersecurity experts. Casino operations were reportedly unaffected, and Boyd believes its cybersecurity insurance will cover related costs, including lawsuits and potential fines. The exact timeline, data types stolen, and whether a ransom was paid remain undisclosed.
Date Publicly Disclosed: 2023-09-23
Type: Data Breach
Motivation: Financial GainData Theft
Title: Boyd Gaming Corporation Data Breach (2025)
Description: Boyd Gaming Corporation, a major American gambling and hospitality company, experienced a cybersecurity incident in September 2025 involving unauthorized access to its internal IT systems. An unauthorized third party exfiltrated sensitive personally identifiable information (PII) of individuals, including names, addresses, Social Security numbers, driver’s license numbers, government-issued ID numbers, and dates of birth. The breach impacted at least 4,325 individuals across multiple states, with notifications sent to regulators, attorney general offices, and the U.S. Securities and Exchange Commission (SEC). Boyd Gaming is offering two years of free credit monitoring and identity protection services to affected individuals.
Date Detected: 2025-09-06
Type: Data Breach
Threat Actor: Unauthorized third party
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach BOY3392633092425
Data Compromised: Employee information, Limited third-party data
Systems Affected: Internal IT Systems
Downtime: None
Operational Impact: None
Identity Theft Risk: Potential (Employee Data)
Incident : Data Breach BOY1692216092925
Data Compromised: Employee records, Customer records, Social security numbers, Personally identifiable information (pii)
Systems Affected: Internal IT Systems
Operational Impact: None (casino and hotel operations remained unaffected)
Brand Reputation Impact: Moderate (legal action and regulatory scrutiny)
Legal Liabilities: Lawsuit filed by former employee (Scott Levy)Potential class actionAllegations of negligence, breach of implied contract, unjust enrichment, and violations of the Nevada Consumer Fraud Act
Identity Theft Risk: High (Social Security numbers and sensitive data exposed)
Incident : Data Breach BOY5992559100125
Data Compromised: Personally identifiable information (pii), Employee records
Customer Complaints: ['Multiple Lawsuits Filed']
Brand Reputation Impact: Negative PublicityLoss of Trust
Legal Liabilities: Four Class-Action Lawsuits (Nevada, Louisiana, Texas, Ohio)Allegations of NegligenceBreach of Implied ContractInvasion of Privacy
Identity Theft Risk: ['High (PII Exposed)']
Incident : Data Breach BOY0532805100225
Systems Affected: IT infrastructure
Operational Impact: None (casino operations remained unaffected)
Customer Complaints: True
Legal Liabilities: Multiple class-action lawsuits filed
Identity Theft Risk: True
Incident : Data Breach BOY5993359100225
Data Compromised: Employee data, Customer data
Systems Affected: Internal IT Systems
Operational Impact: None (casino operations unaffected)
Customer Complaints: Increase in spam calls and phishing texts reported by at least one plaintiff (Scott Levy)
Brand Reputation Impact: Negative (multiple class-action lawsuits filed, allegations of inadequate cybersecurity)
Legal Liabilities: Five class-action lawsuits filedPotential regulatory fines
Identity Theft Risk: High (plaintiffs report increased spam/phishing attempts)
Incident : Data Breach BOY1002810100425
Data Compromised: Name of individual, Address, Social security number, Driver’s license number, Government-issued id number (e.g., passport, state id card), Date of birth
Systems Affected: Internal IT systems
Brand Reputation Impact: Potential reputational damage due to exposure of sensitive customer data
Legal Liabilities: Potential lawsuits and regulatory scrutiny (e.g., SEC, state attorneys general)
Identity Theft Risk: High (due to exposure of SSNs, driver’s license numbers, and other PII)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Employee Information, Third-Party Personal Data, , Employee Data, Customer Data, Social Security Numbers, Pii, , Personally Identifiable Information (Pii), Employee Records, , Employee Data, Limited Third-Party Data, , Employee Data, Customer Data, Personally Identifiable Information (Pii), , Personally Identifiable Information (Pii), Sensitive Identification Documents and .
Which entities were affected by each incident ?
Incident : Data Breach BOY3392633092425
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Size: 16,000+ employees, $3.9B annual revenue (2024)
Customers Affected: Limited number of individuals (beyond employees)
Incident : Data Breach BOY1692216092925
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gaming, Hospitality, Entertainment
Location: Las Vegas, Nevada, USA
Size: Large (operates 11 casinos in Las Vegas Valley and nearly a dozen more across 10 states)
Customers Affected: Limited number of individuals (employees and customers)
Incident : Data Breach BOY5992559100125
Entity Name: Boyd Gaming Corp.
Entity Type: Corporation
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Size: Large (11 casinos in Las Vegas Valley, ~12 other locations across 10 states)
Customers Affected: Thousands (employees, ex-employees, and customers)
Incident : Data Breach BOY0532805100225
Entity Name: Boyd Gaming
Entity Type: Corporation
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Customers Affected: True
Incident : Data Breach BOY5993359100225
Entity Name: Boyd Gaming
Entity Type: Public Company
Industry: Gaming/Hospitality
Location: Las Vegas, Nevada, USA
Customers Affected: Limited number of individuals (exact count undisclosed)
Incident : Data Breach BOY1002810100425
Entity Name: Boyd Gaming Corporation
Entity Type: Public Company
Industry: Gambling and Hospitality
Location: Paradise, Nevada, USA
Size: Large (28 casinos and entertainment properties across 10 states, plus online gaming operations)
Customers Affected: 4,325+ (e.g., 4,300 in Texas, 25 in Maine)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach BOY3392633092425
Incident Response Plan Activated: True
Third Party Assistance: Federal Law Enforcement, External Cybersecurity Experts.
Communication Strategy: SEC Form 8-K FilingRegulatory NotificationsAffected Party Notifications
Incident : Data Breach BOY1692216092925
Incident Response Plan Activated: True
Third Party Assistance: Leading External Cybersecurity Experts.
Communication Strategy: SEC filingNotifying affected individualsRegulatory disclosures
Incident : Data Breach BOY5992559100125
Incident Response Plan Activated: Yes (Investigation Conducted)
Remediation Measures: Notification of Affected IndividualsRegulatory Disclosures (SEC Filing)
Communication Strategy: Delayed Victim NotificationSEC Filing on 2023-09-23
Incident : Data Breach BOY0532805100225
Incident Response Plan Activated: True
Third Party Assistance: Leading Cybersecurity Experts.
Communication Strategy: Public disclosure via securities regulators filing
Incident : Data Breach BOY5993359100225
Incident Response Plan Activated: Yes (with assistance from external cybersecurity experts)
Third Party Assistance: Yes (leading external cybersecurity experts)
Law Enforcement Notified: Yes (cooperation with federal law enforcement)
Communication Strategy: SEC filing (2023-09-23)No direct notification to all affected individuals (e.g., Scott Levy not notified)
Incident : Data Breach BOY1002810100425
Incident Response Plan Activated: Yes (with external cybersecurity experts)
Third Party Assistance: Yes (external cybersecurity experts)
Law Enforcement Notified: Yes (federal law enforcement)
Recovery Measures: Offered two years of free credit monitoring and identity protection (via IDX, including dark web monitoring and identity recovery services)
Communication Strategy: Notifications sent to affected individuals, regulators, and state attorney general offices; SEC filing
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes (Investigation Conducted), , Yes (with assistance from external cybersecurity experts), Yes (with external cybersecurity experts).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Federal Law Enforcement, External Cybersecurity Experts, , Leading external cybersecurity experts, , Leading cybersecurity experts, , Yes (leading external cybersecurity experts), Yes (external cybersecurity experts).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach BOY3392633092425
Type of Data Compromised: Employee information, Third-party personal data
Sensitivity of Data: High (Personally Identifiable Information)
Incident : Data Breach BOY1692216092925
Type of Data Compromised: Employee data, Customer data, Social security numbers, Pii
Sensitivity of Data: High
Incident : Data Breach BOY5992559100125
Type of Data Compromised: Personally identifiable information (pii), Employee records
Number of Records Exposed: Several Thousand
Sensitivity of Data: High (PII)
Data Exfiltration: Yes
Personally Identifiable Information: NamesEmployee DataCustomer Data (potential)
Incident : Data Breach BOY0532805100225
Type of Data Compromised: Employee data, Limited third-party data
Sensitivity of Data: High (personal information)
Incident : Data Breach BOY5993359100225
Type of Data Compromised: Employee data, Customer data, Personally identifiable information (pii)
Sensitivity of Data: High (described as a 'treasure trove' of private information)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
Incident : Data Breach BOY1002810100425
Type of Data Compromised: Personally identifiable information (pii), Sensitive identification documents
Number of Records Exposed: 4,325+ (exact total undisclosed)
Sensitivity of Data: High (includes SSNs, driver’s license numbers, and government-issued IDs)
Data Exfiltration: Yes
Personally Identifiable Information: Yes (names, addresses, SSNs, driver’s license numbers, government-issued IDs, dates of birth)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Notification of Affected Individuals, Regulatory Disclosures (SEC Filing), .
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach BOY3392633092425
Data Exfiltration: True
Incident : Data Breach BOY1692216092925
Data Exfiltration: True
Incident : Data Breach BOY5992559100125
Data Exfiltration: Yes
Incident : Data Breach BOY0532805100225
Data Exfiltration: True
Incident : Data Breach BOY5993359100225
Data Exfiltration: Yes
Incident : Data Breach BOY1002810100425
Data Exfiltration: Yes
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Offered two years of free credit monitoring and identity protection (via IDX, including dark web monitoring and identity recovery services).
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach BOY3392633092425
Regulatory Notifications: U.S. Securities and Exchange Commission (SEC)Relevant Government Agencies
Incident : Data Breach BOY1692216092925
Regulations Violated: Potential violations of the Nevada Consumer Fraud Act,
Legal Actions: Lawsuit by Scott Levy (former employee), Potential class action,
Regulatory Notifications: U.S. Securities and Exchange Commission (SEC)Regulators and government agencies (ongoing)
Incident : Data Breach BOY5992559100125
Legal Actions: Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada),
Regulatory Notifications: SEC Filing (2023-09-23)Planned Notifications to Regulators/Government Agencies
Incident : Data Breach BOY0532805100225
Legal Actions: Five class-action lawsuits filed by four law firms,
Regulatory Notifications: Securities regulators filing
Incident : Data Breach BOY5993359100225
Legal Actions: Five class-action lawsuits filed (as of reporting),
Regulatory Notifications: SEC filing (2023-09-23)
Incident : Data Breach BOY1002810100425
Legal Actions: Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.)
Regulatory Notifications: State attorney general offices (e.g., Texas, Maine)U.S. Securities and Exchange Commission (SEC)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Lawsuit by Scott Levy (former employee), Potential class action, , Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada), , Five class-action lawsuits filed by four law firms, , Five class-action lawsuits filed (as of reporting), , Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.).
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach BOY1002810100425
Recommendations: Monitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affectedMonitor credit reports and accounts for suspicious activity, Place a fraud alert or security freeze on credit files, Utilize offered credit monitoring and identity protection services (IDX), Contact state attorney general’s office for guidance, Consider legal action if affected
References
Where can I find more information about each incident ?
Incident : Data Breach BOY3392633092425
Source: Boyd Gaming Corporation SEC Form 8-K Filing
Date Accessed: 2025-09-24
Incident : Data Breach BOY3392633092425
Source: Media Reports on Las Vegas Cyberattacks (2023-2025)
Date Accessed: 2025-09-24
Incident : Data Breach BOY1692216092925
Source: U.S. Securities and Exchange Commission (SEC) Filing
Date Accessed: 2025-09-23
Incident : Data Breach BOY1692216092925
Source: U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation)
Incident : Data Breach BOY1692216092925
Source: Cybersecurity Analyst Reports on Casino Industry Targeting
Incident : Data Breach BOY1692216092925
Source: Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023)
Incident : Data Breach BOY5992559100125
Source: Las Vegas Review-Journal
Incident : Data Breach BOY5992559100125
Source: U.S. Securities and Exchange Commission (SEC) Filing
Date Accessed: 2023-09-23
Incident : Data Breach BOY0532805100225
Source: Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach
Incident : Data Breach BOY5993359100225
Source: Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming)
Incident : Data Breach BOY5993359100225
Source: News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches)
Incident : Data Breach BOY1002810100425
Source: Shamis & Gentile P.A. Investigation Notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Boyd Gaming Corporation SEC Form 8-K FilingDate Accessed: 2025-09-24, and Source: Media Reports on Las Vegas Cyberattacks (2023-2025)Date Accessed: 2025-09-24, and Source: U.S. Securities and Exchange Commission (SEC) FilingDate Accessed: 2025-09-23, and Source: U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation), and Source: Cybersecurity Analyst Reports on Casino Industry Targeting, and Source: Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023), and Source: Las Vegas Review-Journal, and Source: U.S. Securities and Exchange Commission (SEC) FilingDate Accessed: 2023-09-23, and Source: Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach, and Source: SEC Filing by Boyd GamingDate Accessed: 2023-09-23, and Source: Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming), and Source: News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches), and Source: Shamis & Gentile P.A. Investigation Notice.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BOY3392633092425
Investigation Status: Ongoing (Federal Law Enforcement and External Experts Involved)
Incident : Data Breach BOY1692216092925
Investigation Status: Ongoing (collaboration with federal law enforcement and external cybersecurity experts)
Incident : Data Breach BOY5992559100125
Investigation Status: Ongoing (Lawsuits Pending)
Incident : Data Breach BOY0532805100225
Investigation Status: Ongoing (with federal law enforcement and cybersecurity experts)
Incident : Data Breach BOY5993359100225
Investigation Status: Ongoing (with external cybersecurity experts and federal law enforcement)
Incident : Data Breach BOY1002810100425
Investigation Status: Ongoing (external cybersecurity experts and law enforcement involved)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Sec Form 8-K Filing, Regulatory Notifications, Affected Party Notifications, Sec Filing, Notifying Affected Individuals, Regulatory Disclosures, Delayed Victim Notification, Sec Filing On 2023-09-23, Public Disclosure Via Securities Regulators Filing, Sec Filing (2023-09-23), No Direct Notification To All Affected Individuals (E.G., Scott Levy Not Notified), Notifications sent to affected individuals, regulators and and state attorney general offices; SEC filing.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach BOY3392633092425
Stakeholder Advisories: Sec Filing, Regulatory Notifications.
Customer Advisories: Notifications to Affected Individuals
Incident : Data Breach BOY1692216092925
Stakeholder Advisories: Notification To Affected Individuals, Regulatory Disclosures.
Customer Advisories: Encouragement to monitor for fraud/identity theftLegal action considerations for affected parties
Incident : Data Breach BOY5992559100125
Stakeholder Advisories: Sec Filing, Victim Notification Letters.
Customer Advisories: Delayed Notifications to Affected Individuals
Incident : Data Breach BOY1002810100425
Stakeholder Advisories: Notifications sent to affected individuals, regulators, and state attorneys general
Customer Advisories: Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Sec Filing, Regulatory Notifications, Notifications To Affected Individuals, , Notification To Affected Individuals, Regulatory Disclosures, Encouragement To Monitor For Fraud/Identity Theft, Legal Action Considerations For Affected Parties, , Sec Filing, Victim Notification Letters, Delayed Notifications To Affected Individuals, , Notifications sent to affected individuals, regulators, and state attorneys general and Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach BOY3392633092425
High Value Targets: Employee Data, Internal It Systems,
Data Sold on Dark Web: Employee Data, Internal It Systems,
Incident : Data Breach BOY1692216092925
High Value Targets: Employee Data, Customer Data,
Data Sold on Dark Web: Employee Data, Customer Data,
Incident : Data Breach BOY5992559100125
High Value Targets: Employee Data, Customer Pii,
Data Sold on Dark Web: Employee Data, Customer Pii,
Incident : Data Breach BOY5993359100225
High Value Targets: Employee Data, Customer Data,
Data Sold on Dark Web: Employee Data, Customer Data,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach BOY5992559100125
Root Causes: Inadequate Data Protection Measures, Delayed Incident Response,
Incident : Data Breach BOY0532805100225
Root Causes: Alleged Inadequate Cybersecurity Measures,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Federal Law Enforcement, External Cybersecurity Experts, , Leading External Cybersecurity Experts, , Leading Cybersecurity Experts, , , .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized third party.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-09-06.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-09-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Employee Information, Limited Third-Party Data, , Employee Records, Customer Records, Social Security Numbers, Personally Identifiable Information (PII), , Personally Identifiable Information (PII), Employee Records, , , Employee Data, Customer Data, , Name of individual, Address, Social Security number, Driver’s license number, Government-issued ID number (e.g., passport, state ID card), Date of birth and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal IT Systems and Internal IT Systems and IT infrastructure and Internal IT Systems and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was federal law enforcement, external cybersecurity experts, , leading external cybersecurity experts, , leading cybersecurity experts, , , .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security Numbers, Customer Records, Personally Identifiable Information (PII), Name of individual, Customer Data, Driver’s license number, Date of birth, Employee Information, Employee Data, Address, Limited Third-Party Data, Government-issued ID number (e.g., passport, state ID card), Social Security number and Employee Records.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 4.3K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Lawsuit by Scott Levy (former employee), Potential class action, , Four Class-Action Lawsuits (Filed in U.S. District Court, Nevada), , Five class-action lawsuits filed by four law firms, , Five class-action lawsuits filed (as of reporting), , Potential class-action lawsuits (under investigation by Shamis & Gentile P.A.).
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Utilize offered credit monitoring and identity protection services (IDX), Consider legal action if affected, Monitor credit reports and accounts for suspicious activity, Contact state attorney general’s office for guidance and Place a fraud alert or security freeze on credit files.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are SEC Filing by Boyd Gaming, Cybersecurity Analyst Reports on Casino Industry Targeting, Las Vegas Review-Journal, Article: Boyd Gaming Hit with Multiple Lawsuits After Data Breach, Boyd Gaming Corporation SEC Form 8-K Filing, Shamis & Gentile P.A. Investigation Notice, U.S. Securities and Exchange Commission (SEC) Filing, U.S. District Court in Nevada (Scott Levy v. Boyd Gaming Corporation), News reports on Nevada cyber incidents (e.g., MGM Resorts, Caesars Entertainment breaches), Historical Context: Caesars Entertainment ($15M ransom, 2023) and MGM Resorts ($100M losses, 2023), Class-action lawsuits (e.g., Scott Levy v. Boyd Gaming) and Media Reports on Las Vegas Cyberattacks (2023-2025).
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Federal Law Enforcement and External Experts Involved).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was SEC Filing, Regulatory Notifications, Notification to affected individuals, Regulatory disclosures, SEC Filing, Victim Notification Letters, Notifications sent to affected individuals, regulators, and state attorneys general, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Notifications to Affected Individuals, Encouragement to monitor for fraud/identity theftLegal action considerations for affected parties, Delayed Notifications to Affected Individuals and Boyd Gaming offered two years of free credit monitoring and identity protection (IDX); legal remedies may be available.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Inadequate Data Protection MeasuresDelayed Incident Response, Alleged inadequate cybersecurity measures.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=suncoastcasino' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
