Security Experts:

Connect with us

Hi, what are you looking for?



Casino Operator Affinity Gaming Says Hackers Accessed Payment Card Data

Affinity Gaming Hacked

Affinity Gaming Hacked: Casino Operator Says Hackers Accessed Customer Payment Card Data

Affinity Gaming Hacked

Affinity Gaming Hacked: Casino Operator Says Hackers Accessed Customer Payment Card Data

Hackers have infiltrated the payment processing system for casinos and resort properties of Affinity Gaming and accessed customer card data, the company confirmed late Friday.

In a statement released just before the weekend, Affinity said that attackers had breached the system that processes payment cards at several of its casinos and casino resort properties.

Affinity said that during a security audit of its IT systems on April 17, 2014, it identified a possible issue in the system that processes debit and credit card transactions.

On April 24, the company first warned of an “unauthorized intrusion” into the system that processes customer payment cards for its casinos, and that it had hired FireEye-owned Mandiant to investigate the breach. 

Affinity’s investigation, which the company said was still under way, has since determined that its system was attacked by hackers and that Credit or debit card data was exposed at the following locations for customers making hotel, food and beverage, and retail purchases with their cards between December 7, 2013 and April 28, 2014:

• Silver Sevens Hotel & Casino in Las Vegas, NV

• Rail City Casino in Sparks, NV

• Primm Valley Resort & Casino in Primm, NV

• Buffalo Bill’s Resort & Casino in Primm, NV

• Whiskey Pete’s Hotel & Casino in Primm, NV

• Lakeside Hotel-Casino in Osceola, IA

• St. Jo Frontier Casino in St. Joseph, MO

• Mark Twain Casino in LaGrange, MO

• Golden Gates Casino inBlack Hawk, CO

• Golden Gulch Casino in Black Hawk, CO

• Mardi Gras Casino in Black Hawk, CO

Affinity is encouraging individuals who visited its facilities and used their credit or debit cards for hotel, food and beverage, or retail transactions between December 7, 2013, and April 28, 2014, to take steps to protect their identities and financial information.

The company did not disclose how many cards may have been compromised as a result of the attack.

In December 2013, the gaming company disclosed that its payment card processing system was infected with malware, which resulted in the compromise of credit card, and debit card, data from individuals who visited several of its gaming facilities.

According to a company spokesperson, investigators are working to determine whether the two incidents are related.

“At this time, it is uncertain,” the spokesperson told SecurityWeek.

“Our customers are our top priority and we can assure them we are working tirelessly, using best-in-class experts to protect our IT system and their information,” David Ross, Chief Executive Officer at Affinity, said in a statement. “We deeply regret any inconvenience this incident may cause and are ensuring our customers have the information they need to address any concerns.”

The gaming company is encouraging its customers to protect themselves against possible identity theft or other financial loss by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports.

*Updated with Affinity Gaming’s response to SecurityWeek’s inquiry

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.