Hard Rock Hotel & Casino Announces Second Data Breach
The Hard Rock Hotel & Casino in Las Vegas, Nevada announced they have experienced their second data breach in just over a year.
The company said card-scraping malware had been installed on its point-of-sale system, which gave hackers access to payment card data, including the cardholder’s name, card number, expiration date and verification code. In some cases, the malware was only able to obtain the card data without the customer’s name.
The malware was active between October 27, 2015 and March 21, 2016, which means a large group of visitors were affected—though no specific numbers have been released.
Hard Rock discovered the breach after it received reports of fraudulent activity. They then hired investigators who uncovered the unauthorized access of the POS network and found the malware.
The company faced a similar breach last May, when hackers had accessed customer credit and debit card information from September 2014 through April 2015. In that case, the criminals obtained cardholder names, card numbers and CVV codes.
Anyone who shopped at the hotel, casino, its restaurants or stores during the time period in question are advised to monitor their credit report and statements for fraudulent activity. If a customer believes they are the victim of identity theft, Hard Rock recommends contacting the Federal Trade Commission and/or the Attorney General’s office in their state and filing a police report with local law enforcement.
“It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity,” the company said in its statement. “You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card.”