The Hard Rock Hotel & Casino Las Vegas suffered a **payment card breach** caused by **unauthorized access via card-scraping malware**. The incident, reported by the California Office of the Attorney General, exposed payment card data of guests who made transactions at the hotel between **October 27, 2015, and March 21, 2016**. While the exact number of affected individuals and the specific types of compromised information (e.g., card numbers, CVV, or personal details) remain undisclosed, the breach highlights a **financial and reputational risk** due to potential fraudulent transactions or misuse of payment data. The attack was executed through malware designed to **steal card details during processing**, a common tactic in cybercriminal operations targeting hospitality and retail sectors. The lack of transparency on the scale of the breach further amplifies concerns over the hotel’s data security measures and the potential long-term impact on customer trust.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-62545
TPRM report: https://www.rankiteo.com/company/hard-rock-international
"id": "har258082125",
"linkid": "hard-rock-international",
"type": "Cyber Attack",
"date": "10/2015",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Hospitality & Entertainment',
'location': 'Las Vegas, Nevada, USA',
'name': 'Hard Rock Hotel & Casino Las Vegas',
'type': 'Hospitality / Casino'}],
'attack_vector': 'Card Scraping Malware',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment Card Data']},
'description': 'The California Office of the Attorney General reported that '
'Hard Rock Hotel & Casino Las Vegas experienced a payment card '
'incident, with the investigation identifying unauthorized '
'access due to card scraping malware. The breach potentially '
'affected cards used at the hotel between October 27, 2015, '
'and March 21, 2016. The specific number of affected '
'individuals and detailed types of information compromised are '
'unknown.',
'impact': {'data_compromised': ['Payment Card Information'],
'identity_theft_risk': 'Potential (due to payment card exposure)',
'payment_information_risk': 'High',
'systems_affected': ['Point-of-Sale (POS) Systems']},
'initial_access_broker': {'high_value_targets': ['Payment Card Data']},
'investigation_status': 'Completed (as per public disclosure)',
'post_incident_analysis': {'root_causes': ['Card scraping malware infection '
'on POS systems']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential Payment Card '
'Industry Data Security '
'Standard (PCI DSS) '
'violations'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'law_enforcement_notified': True},
'title': 'Payment Card Incident at Hard Rock Hotel & Casino Las Vegas',
'type': 'Payment Card Breach / Malware Attack'}