14 DAY TRIAL // Several retail and service locations at the Hard Rock Hotel & Casino in Las Vegas have been compromised by hackers, who may have accessed customer card information for a period of seven months.
The incident was stopped on April 2, 2015, but the forensic investigation revealed that the attack had been going on since September 3, 2014, and it affected some restaurants, bars and retailers at the Hard Rock property, the Culinary Dropout Restaurant included.
Card security codes have been exposed
An announcement on the matter from the business informs that the event had no impact on the transactions at the hotel, casino, Nobu, Affliction John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.
The payment data that may have been pilfered by the hackers includes names, card numbers, CVV (card verification value) codes and the card expiration dates. All this is sufficient for cybercriminals to make online purchases in the name of the victim.
There is no information on the number of clients that could be affected by this incident, but the company advises anyone who made a card transaction at food and beverage locations on its property between the aforementioned time interval to check their account statements for irregular activity.
“Please review your credit and debit card statements and report any suspicious activity to your bank. Note that customers usually have no liability for unauthorized charges that are reported in a timely manner,” says in an official statement Jody Lake, Hard Rock Hotel and Casino Chief Operating Officer.
Company offers complimentary identity protection service
At the moment, card-based purchases at locations on the Hard Rock Hotel & Casino property should be safe, as the company implemented stronger security with the help of a third-party security firm.
To reduce identity theft risks, the company offers impacted customers one year of free subscription to identity protection services.
No details have been revealed about the nature of the malware used to collect payment data, or on how the hackers managed to compromise the point-of-sale machines.