Investigation continues in second Affinity Gaming payment card breach

Share this article:
PIN data is not at risk because the retailer does not use PIN pads in its stores.
Affinity Gaming is investigating its second payment card breach in about six months.

Last week, about six months after announcing a breach that resulted in the compromise of payment card data for as many as 300,000 cardholders, Nevada-based casino operator Affinity Gaming revealed that it is investigating another payment card breach.

The incident involved unauthorized access being gained to the system that processes customer payment cards for Affinity Gaming casinos, according to an April 28 post on the website.

On Monday, Affinity Gaming posted an update, explaining their IT experts said that payment cards used after April 28 had not been compromised. Affinity Gaming additionally set up a phone line for customer inquiries.

That is the extent of what has been revealed – details have been sparse as an investigation is ongoing with law enforcement and gaming regulatory officials, as well as Mandiant, a security incident response management solutions provider, according to the post.

“Affinity has implemented controls to secure the credit card processing environment,” according to the announcement posted on April 28, which explains security will be enhanced in response to new and emerging threats. “We currently have no evidence to indicate that credit card data is being stolen.”

Affinity Gaming and Mandiant did not respond to SCMagazine.com requests for comments.

In December 2013, Affinity Gaming notified as many as 300,000 cardholders that their payment card data may have been stolen by hackers that compromised the casino operator's payment system. It was unclear when the attack began, but people were notified if they used gaming facilities between March 14, 2013, and Oct. 16, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.