According to reports coming from the local media outlets, the security of the Hard Rock Hotel and one of the best casinos in Las Vegas was breached on Monday. The criminals, whose identity is unknown until now, were able to access the payment data records of the customers.
In a worrying aspect for the US online casino owners, the cyber criminals carried out their attack after installing a card scrapping malware in the payment system of the casino. Although it is not yet known that how many customers will be affected by this breach, local officials have given an estimate to predict the damage.
According to the estimate, customers who used their cards at the casino from October 27, 2015 – March 21, 2016, are at the risk of exposed information.
While the hotel administration remained dormant ever after the attack, the presence of the malicious software was later on identified by an unnamed Cyber Security firm.
Looking at the details that could have been exposed and although the casino officials are a mum on the issue, it is speculated that details i.e. expiration date of the card, its number, the name of the cardholder, and the interval verification could have been exposed to the hackers.
Looking at the recent history of the casino and it is the 2nd time in less than 2-years that its data is breached. The first breach took place in late 2014 when the malicious software was able to extract payment card data from the computer system of the casino. At that particular instance, data from late 2014 – early 2015 was exposed.
However, while this particular casino has become a target of cyber-attacks, other resorts which include giants like Hilton, Starwood Hotels, and Mandarin Oriental Hotel Group have all suffered similar attacks in the past. Giving us a hint of the scale of these attacks, a report by Hyatt in early 2015 stated that more than 250 of its global properties were affected by such attacks in the past.
Although the overall frequency of such attacks has decreased in the last few years – with better security firewalls offering firm resistance, the hospitality industry is still suffered from cyber-attacks.
This is due to the fact that unlike any of the other businesses of the multinational organizations, the hotels and resorts store data and financial information of its customers. As a result, the hospitality industry offers a huge financial incentive to such criminals.
Despite them being obvious targets, no one should challenge the ineptitude of the hospitality sector in fighting against cyber criminals. Unlike their counterparts from other businesses, most of the resorts still rely on outdated IT systems. With no updates, these systems have now become a soft target for such attacks.
Another route which the attackers have used to steal the information of the hotel residents is the Public WI-FI networks. Once they get themselves connected with such WI-FI, the hackers have successfully stolen sensitive information of the users including their password, location and bank accounts.
Giving a gloomy account of the future, experts have warned that such attacks will not decrease in the next few years. With a clear “technology” focus, hotels are still underestimating the ability of the cyber criminals.
Also, most of the resorts lack the necessary resources in order to detect and thwart complex attacks. Therefore, warn the experts, until the strength of the system matches the frequency of the offence, guests of resorts will continue to be at risk.