Hard Rock Las Vegas Latest Victim of Card Data Breach

Las Vegas Hard Rock Hotel & Casino has issued a statement to its customers warning of a payment card incident. After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist.  On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment.  Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code.  In other instances the program only found payment card data that did not include cardholder name.  No other customer information was involved. 
Hard Rock reports it is possible that cards used at certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.
The company issued a statement warning customers that it “is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner.”
Hard Rock Hotel & Casino ensured customers in its statement that law enforcement officials have been notified and an investigation is underway. The company is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring on the affected cards. In addition, Hard Rock continues to work with the cyber security firm to further strengthen the security of our systems to help prevent this from happening in the future.
Netsurion, a provider of remotely-managed security services for multi-location businesses, offered comments on the latest breach news recommending that new defensive approaches, advanced cybersecurity tools and increased cyber intelligence need to be deployed, which usually come from a relationship with an outside vendor due to the specialized knowledge needed to understand what the tools and resulting information being gathered is telling you.

Possible tools include things like File Integrity Monitoring (to tell you when files have changed that weren’t supposed to change), Unified Threat Management appliances (used to integrate security features such as firewall, gateway anti-virus and intrusion detection), Security Information and Event Management (used to centrally collect, store and analyze log data and other data from various systems in order to provide a single point of view from which to be alerted to potential issues), and next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems).
This ad will auto-close in 10 seconds