On Monday, Hard Rock Hotel & Casino in Las Vegas disclosed data breach, after malware was discovered on their card processing system. This is the second time the casino has had to report such an incident.
In a statement, Hard Rock said that on May 13, the resort started an investigation after receiving reports of fraudulent activity on cards used at their Las Vegas location. The investigators discovered unauthorized access to the card-processing network, and later discovered malware on the systems themselves.
The malware targeted card details such as the customer’s name, card number, expiration date, and internal verification codes. In other instances, the malware only obtained card data, but no names.
The breach timeline includes cards that were used at some restaurant and retail outlets between October 27, 2015 and March 21, 2016. It’s important to note, this incident only impacts the Hard Rock Hotel & Casino in Las Vegas.
Last year, in May, Hard Rock disclosed a similar data breach that impacted payment cards.
The compromised cards were used between September 3, 2014 and April 2, 2015, at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.
Given that this is the second data breach under similar circumstances, it looks as if the clean-up on the first incident didn’t catch everything.
Otherwise, the situation is worse from a security standpoint. This week’s disclosure could point to the fact that criminals were able to access the payment network a second time using the previous methods, or managed to find another way in.
Either way, the incident shows that the network was clearly left vulnerable to some degree, and criminals exploited this fact in just over five months.