The Las Vegas-based Hard Rock Hotel & Casino recently came out with a statement notifying customers of a POS malware strike and a card data breach that might have occurred in its network, the second POS security breach to happen there.
The statement, issued on June 27, says- “After receiving threat reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel & Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist. On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system.”.
Explaining the possible extent of the POS security breach, the statement says, “In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code. In other instances the program only found payment card data that did not include cardholder name. No other customer information was involved. It is possible that cards used at certain restaurant and retail outlets at the Hard Rock Hotel & Casino Las Vegas between October 27, 2015 and March 21, 2016, could have been affected.”
This is in fact the second POS security breach to happen at Hard Rock Hotel & Casino. Last year, in May, there was a similar notification of a malware strike and hackers possibly got away with card data in a breach that lasted from Sept. 2014 to April 2015. Names, card numbers, and CVV codes were stolen in the 2015 POS security breach at Hard Rock Hotel & Casino.
The statement issued by Hard Rock Hotel & Casino also advises customers to remain vigilant- “It is always advisable to remain vigilant to the possibility of fraud by reviewing your payment card statements for any unauthorized activity. You should immediately report any unauthorized charges to your card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of your payment card. Please see the section that follows this notice for additional steps you may take to protect your information.”
There is also a detailed explanation on how to protect oneself from incidents of fraud and identity theft, with all necessary details included.
POS malware strikes at hotels, hospitals, fast food restaurants etc seem to be on the rise in the recent past and hence POS security is being accorded top priority by web security vendors, experts, and entrepreneurs.