Las Vegas Hard Rock Casino suffers customer data breach

The Hard Rock Casino in Las Vegas has suffered a data breach, leading to the compromise of credit card data, names and addresses at restaurant, bar and retail locations.

In a statement, the Hard Rock Casino said the attack “was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.”

The Hard Rock Casino did not state how it detected the breach. According to Ken Westin, senior security researcher at Tripwire, “most of the time, the retailers discover the breach when the Secret Service or fraud analysts at banks notify them that they have detected credit card fraud patterns, or stolen cards in underground markets that puts their point-of-sale systems as the origin of the breach.”

George Rice, senior director of payments at HP Security Voltage explained that the consumer is powerless due to the nature of how hotel payments work. “Most hotels require a card on file, so cash is not a good option. PIN debit can protect that one transaction but not the PAN which could be used elsewhere without a PIN. EMV is not going to prevent data theft and is not (yet) a requirement in the US.”

In its recent statement, Hard Rock Casino stated that “”The trust and loyalty of our customers is our highest priority.”

The post Hard Rock Casino Data Breach Undetected for 7 Months appeared first on IT SECURITY GURU.