2 min read

Hard Rock's Las Vegas Hotel & Casino hit by hackers

Graham CLULEY

May 06, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Hard Rock's Las Vegas Hotel & Casino hit by hackers

If you visit the website of Las Vegas’s Hard Rock Hotel and Casino right now, you may spot a message at the top of the page.

hard-rock-600

Didn’t notice it? Take a closer look.

hard-rock-2

If you click on the link about the “data security incident”, I’m afraid it’s not good news.

Because the 640-room hotel is warning that for some seven months, hackers were able to steal customers’ credit and debit card details from retail outlets (including restaurants and bars) at the Hard Rock Las Vegas property, but not the hotel and casino.

“This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.”

It appears that, in line with other recent attackers against retailers, point of sale (PoS) devices were infected with RAM-scraping malware that was able to exfiltrate sensitive data when unencrypted in memory.

The information stolen by the hackers includes the names of cardholders, credit and debit card numbers and CVV codes. PIN codes were not included in the information exposed.

According to a notification sent to New Hampshire’s Department of Justice, approximately 173,000 unique payment cards were used at the affected locations during the at-risk time period.

Many people go to Las Vegas with the knowledge that they might leave with less money than they started out with, but it’s hardly fun to know that your bank balance may be lower because of the acts of criminal hackers.

According to the Hard Rock Las Vegas Hotel and Casino, law enforcement agencies were informed of the security breach shortly after its discovery in early April, but public disclosure has been delayed until now at the FBI’s request to aid the investigation.

The company says it will attempt to notify all affected customers who it is able to identify. Personally I think it would be a good idea if they were a little more obvious in the warning on the home page of their website, but I guess we should be grateful that it is even mentioned there at all.

More information on the anti-fraud services the company is offering affected customers can be found in the Hard Rock Hotel’s statement on its website.

“We sincerely apologize for this incident, regret any inconvenience it may cause you and encourage you to take advantage of the product outlined herein. Should you have questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact us at 888-829-6551.”

One has to hope that the resort is taking a long hard look at its security, and putting systems in place to avoid any customers’ information being stolen again.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds
Silviu STAHIE

October 04, 2022

2 min read
German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read