Hard Rock Hotel & Casino in Las Vegas is notifying customers of a data breach that may have compromised their payment card details.
In a statement posted on Monday, the luxury resort explains it detected the incident following an investigation into fraudulent activity involving some payment cards used at Hard Rock Hotel & Casino Las Vegas:
“On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system.”
The malware is believed to have compromised customers’ payment card data, including their cardholder name, card number, expiration date, and internal verification code.
The resort says that those who used their payment card in certain restaurants and retail stores at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could be affected.
The hotel is currently working with law enforcement to support their investigation, payment card networks to notify banks of the breach, and a security firm to improve its digital security going forward.
This is the second time the hotel has experienced a payment card breach in a little over a year, which along with similar incidents at Trump Hotels and Hyatt Hotels points to the fact that attackers are increasingly targeting the hospitality industry.
Zach Forsyth, director of technology innovation at security firm Comodo, clarifies that point:
“Hospitality organizations are ideal targets for the cybercriminal today because they handle highly valuable personal and financial information – the proverbial goldmine for the cyberthief. Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share. Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers. It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left.”
The Hard Rock Hotel & Casino is urging customers to watch out for suspicious transactions on their payment card records and other statements.
Customers who detect any signs of identity theft should contact the Federal Trade Commission or the Attorney General in their state.