Security Experts:

Connect with us

Hi, what are you looking for?


Fraud & Identity Theft

Affinity Gaming Credit Card, Debit Card System Hacked

Casino operator Affinity Gaming has joined the growing list of businesses dealing with malicious hacker attacks against credit card and debit card systems.

Casino operator Affinity Gaming has joined the growing list of businesses dealing with malicious hacker attacks against credit card and debit card systems.

The Las Vegas-based company, which operates casinos in several U.S. cities, said customer credit and debit card information at all of its Casinos was compromised in a breach that occurred between March 14 and October 16.

The company described the issue as “an unauthorized intrusion into the system that processes customer credit and debit cards.” Affinity is urging all customers who visited its gaming facilities during the seven-month window to take urgent steps to protect their identities and financial information.

Affinity also acknowledged a separate hack into the system that processes credit and debit cards at its Primm Center Gas Station in Primm, Nevada.  “This intrusion began on an unknown date and it ended on November 29, 2013,” the company said.

From the company’s statement:  

On October 24, 2013, Affinity was contacted by law enforcement regarding fraudulent charges which may have been linked to a data breach in Affinity’s system. Affinity immediately initiated a thorough investigation, supported by third-party data forensics experts who determined the nature and scope of the compromise, and confirmed that Affinity’s system has been fully secured and that its customer payments are protected.  On November 14, 2013, Affinity posted notice of this incident on its website.

Affinity said its investigation determined that malware was used in the attack at its casinos in Nevada, Iowa, Missouri and Colorado. “Credit or debit card data was exposed at these locations between March 14th and October 16th of 2013,” the company warned.

Affinity did not say how many customers were affected by the breach.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.