For the second time Hard Rock Las Vegas suffered a data breach

On Monday the Hard Rock Hotel & Casino in Las Vegas disclosed for the second time a data breach that compromised customers’ payment card data.

It has happened again, earlier this week the Hard Rock Hotel & Casino in Las Vegas disclosed a data breach, it is the second time the casino suffered a cyber attack.

The first breach suffered by the Rock Hotel occurred in May 2015, the compromised payment cards were used between September 3, 2014 and April 2, 2015, at the restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property.

Now, the resort started an investigation after receiving reports of fraudulent activity on cards used at their Las Vegas location, then they discovered that crooks used a malware to compromise the card processing system.

The malicious code was designed to steal payment card data including the card holder’s name, card number, expiration date, and internal verification codes.

“After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist.  On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment.” reads the statement released by the Hard Rock  “Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. “

According to the company, it is possible that the cards used in certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.

The investigators discovered that cards that were used at some restaurant and retail outlets between October 27, 2015 and March 21, 2016.

Experts speculated a link between the two incidents, it looks as if the malware used in the first security breach wasn’t completely removed from the Casino payment system.

Another possibility is that the attackers were able to access the Hard Rock  for a second time, a circumstance that suggested security holes in their defense systems.

Stay tuned!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Rock Hotel, data breach)

[adrotate banner=”13″]