Hard Rock Hotel & Casino Hit with Second Card Breach

Written by

The Hard Rock Hotel & Casino in Las Vegas has experienced yet another data breach.

The establishment said in a statement that card-scraping malware was used at the point of sale to access customer payment-card data at some restaurants and retail outlets throughout the resort. The identified data including cardholder name, card number, expiration date and internal verification code, in some cases. In other cases the malware was only able to lift card data, and no names.

Unfortunately, the PoS code managed to lurk around for a while, indicating a large group of potential victims: It was active between October 27, 2015 and March 21, 2016.

Hard Rock was finally alerted to the issue after receiving reports of fraudulent activity on the cards. From there, investigators discovered unauthorized access to the card-processing network, and later discovered malware on the systems themselves.

This is the second payment-card breach for the casino, taking much the same trajectory. In May of 2015, it admitted that criminal hackers accessed credit or debit card information in a breach that lasted from Sept. 2014 to April 2015. The compromised information in that case included names, card numbers and CVV codes.

“Customers like this need to understand that they are in a digital war with the hackers that want this type of data,” said John Christly, CISO at Netsurion, in an email. “It’s a war that is being won, in many instances, by these hackers, and that absolutely needs to change. The entire industry, regardless of vertical specialty, needs to wake up and realize that traditional cybersecurity defenses are no longer working.”

New defensive approaches, advanced cybersecurity tools and increased cyber intelligence need to be deployed, he added. Possible tools include things like file integrity monitoring (to tell you when files have changed that weren’t supposed to change), unified threat management appliances (used to integrate security features such as firewall, gateway antivirus and intrusion detection), security information and event management (used to centrally collect, store and analyze log data and other data from various systems in order to provide a single point of view from which to be alerted to potential issues), and next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems).

“Only then, when systems like this are in place and being managed appropriately, will you be able to have the processes within the programs and the computer operating system and memory watched for suspicious activity— and have those tools talk to other tools that have even deeper threat intelligence from a network of other deployed sensors,” explained Christly. “These advanced toolsets should ideally be outsourced to a managed security firm that specializes in this type of service, which includes having expert threat researchers that are constantly looking for new activity that could point to a hacker trying to steal data from your systems.”

Photo © trotalo/Shutterstock.com

What’s hot on Infosecurity Magazine?