For the second time Hard Rock Las Vegas suffered a data breach

On Monday the Hard Rock Hotel & Casino in Las Vegas disclosed for the second time a data breach that compromised customers’ payment card data.

It has happened again, earlier this week the Hard Rock Hotel & Casino in Las Vegas disclosed a data breach, it is the second time the casino suffered a cyber attack.

The first breach suffered by the Rock Hotel occurred in May 2015, the compromised payment cards were used between September 3, 2014 and April 2, 2015, at the restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property.

Now, the resort started an investigation after receiving reports of fraudulent activity on cards used at their Las Vegas location, then they discovered that crooks used a malware to compromise the card processing system.

The malicious code was designed to steal payment card data including the card holder’s name, card number, expiration date, and internal verification codes.

“After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist. On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment.” reads the statement released by the Hard Rock “Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. “

According to the company, it is possible that the cards used in certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.

The investigators discovered that cards that were used at some restaurant and retail outlets between October 27, 2015 and March 21, 2016.

Experts speculated a link between the two incidents, it looks as if the malware used in the first security breach wasn’t completely removed from the Casino payment system.

Another possibility is that the attackers were able to access the Hard Rock for a second time, a circumstance that suggested security holes in their defense systems.

Stay tuned!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Rock Hotel, data breach)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.