Hard Rock Hotels & Casinos is, once again, warning customers of a data breach that may have compromised their payment card information. In a press release last week, the popular hotel, resort and casino franchise announced it was recently alerted of a security incident through its third-party hotel reservation system – Sabre Hospitality Solutions SynXis. The hotel was notified that an unauthorized party gained access to account credentials, which permitted access to unencrypted payment card details, as well as certain reservation information processed through Sabre. Following an investigation, it was determined that the unauthorized party was able to access payment card details and reservation information from August 10, 2016, to March 9, 207. The company added that it engaged a leading cybersecurity firm to support the ongoing investigation and notified law enforcement, as well as payment card issuers. According to the press release, the following Hard Rock Hotel & Casino properties were affected by the data breach:
- Hard Rock Hotel & Casino Biloxi
- Hard Rock Hotel Cancun
- Hard Rock Hotel Chicago
- Hard Rock Hotel Goa
- Hard Rock Hotel & Casino Las Vegas
- Hard Rock Hotel Palm Springs
- Hard Rock Hotel Panama Megapolis
- Hard Rock Hotel & Casino Punta Cana
- Hard Rock Hotel Rivera Maya
- Hard Rock Hotel San Diego
- Hard Rock Hotel Vallarta
In June 2016, the company announced a similar incident affecting customers of its Las Vegas location when it detected card scraping malware on its systems. The malware was found capable of stealing customer credit card numbers, names, expiration dates and verification codes. According to reports, Loews Hotels – a luxury hotel chain operating 24 locations in the U.S. and Canada – was also impacted by the Sabre incident. However, the locations affected have not yet been disclosed. In a statement released last week, Sabre explained:
“Not all reservations that were viewed included the payment card security code, as a large percentage of bookings were made without a security code being provided. Others were processed using virtual card numbers in lieu of consumer credit cards. Personal information such as social security, passport or driver’s license number was not accessed. Sabre has notified law enforcement and the credit card brands as part of our investigation.”
Customers are advised to remain vigilant for incidents of fraud and identity theft by reviewing account statements for any unauthorized or suspicious activity.