Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Casino Operator Affinity Gaming Says Hackers Accessed Payment Card Data

Affinity Gaming Hacked

Affinity Gaming Hacked: Casino Operator Says Hackers Accessed Customer Payment Card Data

Affinity Gaming Hacked

Affinity Gaming Hacked: Casino Operator Says Hackers Accessed Customer Payment Card Data

Hackers have infiltrated the payment processing system for casinos and resort properties of Affinity Gaming and accessed customer card data, the company confirmed late Friday.

In a statement released just before the weekend, Affinity said that attackers had breached the system that processes payment cards at several of its casinos and casino resort properties.

Affinity said that during a security audit of its IT systems on April 17, 2014, it identified a possible issue in the system that processes debit and credit card transactions.

On April 24, the company first warned of an “unauthorized intrusion” into the system that processes customer payment cards for its casinos, and that it had hired FireEye-owned Mandiant to investigate the breach. 

Affinity’s investigation, which the company said was still under way, has since determined that its system was attacked by hackers and that Credit or debit card data was exposed at the following locations for customers making hotel, food and beverage, and retail purchases with their cards between December 7, 2013 and April 28, 2014:

• Silver Sevens Hotel & Casino in Las Vegas, NV

• Rail City Casino in Sparks, NV

Advertisement. Scroll to continue reading.

• Primm Valley Resort & Casino in Primm, NV

• Buffalo Bill’s Resort & Casino in Primm, NV

• Whiskey Pete’s Hotel & Casino in Primm, NV

• Lakeside Hotel-Casino in Osceola, IA

• St. Jo Frontier Casino in St. Joseph, MO

• Mark Twain Casino in LaGrange, MO

• Golden Gates Casino inBlack Hawk, CO

• Golden Gulch Casino in Black Hawk, CO

• Mardi Gras Casino in Black Hawk, CO

Affinity is encouraging individuals who visited its facilities and used their credit or debit cards for hotel, food and beverage, or retail transactions between December 7, 2013, and April 28, 2014, to take steps to protect their identities and financial information.

The company did not disclose how many cards may have been compromised as a result of the attack.

In December 2013, the gaming company disclosed that its payment card processing system was infected with malware, which resulted in the compromise of credit card, and debit card, data from individuals who visited several of its gaming facilities.

According to a company spokesperson, investigators are working to determine whether the two incidents are related.

“At this time, it is uncertain,” the spokesperson told SecurityWeek.

“Our customers are our top priority and we can assure them we are working tirelessly, using best-in-class experts to protect our IT system and their information,” David Ross, Chief Executive Officer at Affinity, said in a statement. “We deeply regret any inconvenience this incident may cause and are ensuring our customers have the information they need to address any concerns.”

The gaming company is encouraging its customers to protect themselves against possible identity theft or other financial loss by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports.

*Updated with Affinity Gaming’s response to SecurityWeek’s inquiry

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.