Super Casino Security Breach
For the second time in about a year, the Hard Rock hotel-casino's card payment system has been breached.
Roy Ramm, on behalf of LCI, has signed an Undertaking after the Information Commissioner’s Office (ICO) found LCI in breach of the Data Protection Act. LCI will ensure portable devices, including laptops, that are used to store personal information, are encrypted. Australians who have had their super accounts drained by crime gangs will be fully compensated as big funds ramp up cyber-security in the wake of an alleged $10m scam. Now having spent more than my share of time in Vegas for a wide range of security conferences I can only imagine that the amount of money that was affected by this breach would be massive.
The casino says customers' names, card numbers and verification codes were exposed.
Super Casino Security Breach Update
The breach affects cards used at the hotel between last October and this March.
Hard Rock released a statement on the breach:
Super Casino Security Breach 2019
'Hard Rock Hotel & Casino Las Vegas values the relationship we have with our customers, which is why we are notifying you of an incident that may involve your payment card.
'After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist. On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved. It is possible that cards used at certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.
'It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take to protect your information.We have notified law enforcement officials and are supporting their investigation. We are also working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards. We also continue to work with the cyber security firm to further strengthen the security of our systems to help prevent this from happening in the future.'