Affinity Gaming Hacked: Casino Operator Says Hackers Accessed Customer Payment Card Data
Hackers have infiltrated the payment processing system for casinos and resort properties of Affinity Gaming and accessed customer card data, the company confirmed late Friday.
In a statement released just before the weekend, Affinity said that attackers had breached the system that processes payment cards at several of its casinos and casino resort properties.
Affinity said that during a security audit of its IT systems on April 17, 2014, it identified a possible issue in the system that processes debit and credit card transactions.
On April 24, the company first warned of an “unauthorized intrusion” into the system that processes customer payment cards for its casinos, and that it had hired FireEye-owned Mandiant to investigate the breach.
Affinity’s investigation, which the company said was still under way, has since determined that its system was attacked by hackers and that Credit or debit card data was exposed at the following locations for customers making hotel, food and beverage, and retail purchases with their cards between December 7, 2013 and April 28, 2014:
• Silver Sevens Hotel & Casino in Las Vegas, NV
• Rail City Casino in Sparks, NV
• Primm Valley Resort & Casino in Primm, NV
• Buffalo Bill’s Resort & Casino in Primm, NV
• Whiskey Pete’s Hotel & Casino in Primm, NV
• Lakeside Hotel-Casino in Osceola, IA
• St. Jo Frontier Casino in St. Joseph, MO
• Mark Twain Casino in LaGrange, MO
• Golden Gates Casino inBlack Hawk, CO
• Golden Gulch Casino in Black Hawk, CO
• Mardi Gras Casino in Black Hawk, CO
Affinity is encouraging individuals who visited its facilities and used their credit or debit cards for hotel, food and beverage, or retail transactions between December 7, 2013, and April 28, 2014, to take steps to protect their identities and financial information.
The company did not disclose how many cards may have been compromised as a result of the attack.
In December 2013, the gaming company disclosed that its payment card processing system was infected with malware, which resulted in the compromise of credit card, and debit card, data from individuals who visited several of its gaming facilities.
According to a company spokesperson, investigators are working to determine whether the two incidents are related.
“At this time, it is uncertain,” the spokesperson told SecurityWeek.
“Our customers are our top priority and we can assure them we are working tirelessly, using best-in-class experts to protect our IT system and their information,” David Ross, Chief Executive Officer at Affinity, said in a statement. “We deeply regret any inconvenience this incident may cause and are ensuring our customers have the information they need to address any concerns.”
The gaming company is encouraging its customers to protect themselves against possible identity theft or other financial loss by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports.
*Updated with Affinity Gaming’s response to SecurityWeek’s inquiry

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Ferrari Says Ransomware Attack Exposed Customer Data
- Webinar Today: How to Build Resilience Against Emerging Cyber Threats
- Make Your Picks: Cyber Madness Bracket Challenge Starts Today
- Cyber Madness Bracket Challenge – Register to Play
- Watch Sessions: Ransomware Resilience & Recovery Summit
- Webinar Today: Entering the Cloud Native Security Era
- White House Releases National Cybersecurity Strategy
- Watch on Demand: Attack Surface Management Summit
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
