Hard Rock Hotel & Casino in Las Vegas has been hit by another data breach through its payment card systems.
In a statement released to California residents on Monday, the resort said:
“On May 13, 2016, the investigation identified signs of unauthorized access to the resort’s payment card environment. Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system. In some instances the program identified payment card data that included cardholder name, card number, expiration date, and internal verification code.”
The malware was reportedly on the systems for five months from October 27, 2015, to March 21, 2016.
This is the second card breach Hard Rock Hotel has suffered in just over a year. Last May, the popular resort revealed that it suffered a seven-month-long data breach from September 3, 2014, to April 2, 2015, in which customers’ credit card numbers and CVV security codes, names, and addresses were stolen by criminals.
What’s worrying is the length of time these malware intrusions were left to linger, potentially affecting thousands of customers.
Protecting PoS systems – where to begin
To help prevent malware intrusions on PoS (point of sale) systems, it is important for organizations to implement effective measures to control the risk of malware and other external threats.
This can begin by creating a number of policies, aligned to the PCI DSS, which can help control the risks:
- Cardholder data policy statement
- Anti-malware policy
- Vulnerability management policy
Documenting your policies on these topics shows your commitment to protecting sensitive information and is also a key requirement for PCI compliance.
PCI DSS documentation help
Providing pre-written, PCI-compliant templates, this toolkit will enable you to quickly and easily create your documentation so that you can produce a robust system to protect your payment card data while complying with the PCI DSS.