Peppermill Casinos, Inc.

The California Office of the Attorney General disclosed a data breach at **Peppermill Casinos, Inc.**, where unauthorized actors gained access to sensitive payment card data between **October 12, 2014, and February 16, 2015**. The compromised information included **credit/debit cardholder names, card numbers, expiration dates, and security codes (CVV/CVC)**—critical details that could facilitate fraudulent transactions or identity theft. The breach was publicly reported on **October 13, 2015**, nearly a year after the initial intrusion, raising concerns about delayed detection and response. While the exact number of affected individuals was not specified, the exposure of full payment card data poses significant financial risks to customers, including potential unauthorized charges, account takeovers, or phishing attacks leveraging the stolen details. The incident underscores vulnerabilities in the casino’s payment processing systems and the broader implications for consumer trust in an industry handling high volumes of financial transactions.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-58266

TPRM report: https://www.rankiteo.com/company/peppermill-inc

"id": "pep605090125",
"linkid": "peppermill-inc",
"type": "Breach",
"date": "10/2014",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'industry': 'Hospitality/Gaming',
                        'location': 'California, USA',
                        'name': 'Peppermill Casinos, Inc.',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
                 'personally_identifiable_information': 'Partial (names linked '
                                                        'to payment cards)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['payment card data']},
 'date_publicly_disclosed': '2015-10-13',
 'description': 'The California Office of the Attorney General reported that '
                'Peppermill Casinos, Inc. experienced a data breach involving '
                'unauthorized access to credit and debit card information '
                'between October 12, 2014, and February 16, 2015. The breach '
                'potentially affected credit card holder names, card numbers, '
                'expiration dates, and security codes.',
 'impact': {'data_compromised': ['credit card holder names',
                                 'card numbers',
                                 'expiration dates',
                                 'security codes'],
            'identity_theft_risk': 'High (payment card data exposed)',
            'payment_information_risk': 'High (full card details exposed)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
                                                       'Office of the Attorney '
                                                       'General'},
 'title': 'Peppermill Casinos, Inc. Data Breach (2014-2015)',
 'type': 'Data Breach'}