The Hard Rock Hotel and Casino in Las Vegas has experienced another data breach. The hotel said in a statement that card-scraping malware was used at the point of sale to access customer payment-card data at some restaurants and retail outlets throughout the resort. The identified data included cardholder name, card number, expiration date and internal verification code, in some cases. In other cases the malware was only able to lift card data, and no names.
The rock-and-roll-themed casino launched an investigation after receiving reports of fraudulent activity associated with payment cards used at the venue, according to the Notice of Data Breach submitted to the California Attorney General.
The breach timeline includes cards that were used at some restaurant and retail outlets between October 27, 2015 and March 21, 2016.
Last year, the resort reported a similar incident when malware was spotted on the POS server, but was contained due to precautionary measures taken by the hotel.
Given that this is the second data breach under similar circumstances, it looks as if the clean-up on the first incident didn't catch everything, reports CSO Magazine. Otherwise, the situation is worse from a security standpoint. This week's disclosure could point to the fact that criminals were able to access the payment network a second time using the previous methods, or managed to find another way in.
Hospitality organizations are ideal targets for cybercriminals because they handle highly valuable personal and financial information, Zach Forsyth, a director of technology innovation at cyber security firm Comodo, told SCMagazine.com. He said large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share, adding that many of these firms have antiquated IT technology in place.
“It's a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left,” Forsyth said.
New defensive approaches, advanced cybersecurity tools and increased cyber intelligence need to be deployed, John Christly, CISO at Netsurion, told Info Security Magazine. Possible tools include things like file integrity monitoring (to tell you when files have changed that weren’t supposed to change), unified threat-management appliances (used to integrate security features such as firewall, gateway antivirus and intrusion detection), security information and event management (used to centrally collect, store and analyze log data and other data from various systems in order to provide a single point of view from which to be alerted to potential issues), and next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems).
“Only then, when systems like this are in place and being managed appropriately, will you be able to have the processes within the programs and the computer operating system and memory watched for suspicious activity— and have those tools talk to other tools that have even deeper threat intelligence from a network of other deployed sensors,” Christly said. “These advanced toolsets should ideally be outsourced to a managed security firm that specializes in this type of service, which includes having expert threat researchers that are constantly looking for new activity that could point to a hacker trying to steal data from your systems.”