Snake eyes—that would be what some patrons rolled while visiting the Hard Rock Hotel & Casino in Las Vegas in the past year. Credit card data was apparently scraped off by malware that found its way into the gaming company’s payment transaction system. As the following article describes, the Hard Rock suffered another security incident in late 2014.
Hard Rock Hotel & Casino Las Vegas said on Monday that hackers managed to access customer payment card data through card scraping malware installed on systems running the resort’s payment card system.
The gaming resort said it was tipped off after receiving reports of fraudulent activity associated with payment cards used at its Las Vegas location.
After hiring an un-named cybersecurity firm to investigate the breach, it was determined in May that hackers managed to access to the resort’s payment card environment. The gaming company warned that cards used at restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could be exposed.
In some transactions, the PoS malware was able to capture payment card data including cardholder name, card number, expiration date, and internal verification code. However, the investigation found that in some cases cardholder name was not captured.
The company did not provide any additional details on the type of malware found on its systems. As would be expected, the company said that both law enforcement officials and payment card networks have been informed of the incident.
The Hard Rock Hotel and Casino warned of a similar incident last year. In May 2015, the company said that a malware attack exposed transactions that occurred between Sept. 3, 2014 and April 2, 2015, at the company’s restaurant, bar and retail locations.
The hospitality industry has been a prime target of cybercriminals. Hotels, restaurants, and entertainment venues process high volumes of payment transactions and their guests may not always be monitoring their accounts closely. The expanding use of credit and debit card controls is a partial, but not complete antidote to thwart card fraud. Consumers who set up transaction alerts on their smartphones would at least be warned immediately of any unauthorized purchases. That could go a long way in ensuring that a cardholder’s losses could only occur at the craps table.
Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group
Read the full story here