Hard Rock Hotel & Casino suffers data breach

This week I was at the Interop conference being held at the Mandalay Bay Resort in Las Vegas. I was amazed at the spectacle that was surrounding the Mayweather vs Paquiao fight this coming weekend. Tickets were reportedly going for about $86,000 for ringside. Highway robbery was my initial thought.

It seems that this was nothing in comparison to a criminal issue that the Hard Rock Hotel & Casino was dealing with just down the road. News came out on Thursday that they had suffered a data breach courtesy of a criminal element. The casino made it known that their payment systems in their restaurant, bar and some retail locations had been compromised.

This sounds like a tune we’ve heard before. It sounds awfully similar to the data breaches that we have seen that affected the point of sale systems at Home Depot, Target and so forth. This time it seems that the data breach began on September 3rd, 2014 until it was discovered April 2nd, 2015. Seven months of transactions. Ouch.

Now having spent more than my share of time in Vegas for a wide range of security conferences I can only imagine that the amount of money that was affected by this breach would be massive.

From the breach notification:

This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.

Please review your credit and debit card statements and report any suspicious activity to your bank. Note that customers usually have no liability for unauthorized charges that are reported in a timely manner.

If you stayed at the Hard Rock in that seven month window you would be well served to check your statements.

The company has engaged with Experian to provide identity protection for affected customers. It is unclear as to the number of affected individuals at this time.

There is a website that people can go to get more information about the breach at http://www.hardrockhotel.com/statement but, at the time of this posting the site was not live yet. The date on the breach notice to be sent out is May 1, 2015. So, it is entirely possible that it will be live later today.