Following a May announcement that it was replacing point-of-sale (POS) devices while investigating a potential breach, Michigan-based FireKeepers Casino Hotel confirmed Friday that unauthorized access was gained to its computer systems and personal information – as well as payment card data – may have been compromised.
FireKeepers posted on its website one notification for guests and another for current and former employees, explaining in both that the incident may have affected about 85,000 credit and debit cards used between Sept. 7, 2014, and April 25 to make food, beverage and retail purchases. That information included cardholder names, card numbers, verification codes and expiration dates.
“The security compromise has been contained and payment cards have been processed securely since April 26, 2015,” the notifications said.
Additionally, unauthorized access may have been gained to a file storage server that contained personal information on some customers who provided data related to tax-reportable winnings, including names, addresses, Social Security numbers and driver's license numbers.
A variety of data on current and former employees may have been affected as well, including names, addresses, Social Security numbers, health benefit selections and medical billing information, and dependents' names and Social Security numbers. A smaller number of employees may have also had driver's license numbers and financial account information compromised.
Although an investigation is ongoing, FireKeepers and forensic investigators have not found evidence of unauthorized access to or misuse of the personal information, the notifications indicated. Data submitted through the website and information contained in the Red Hot Rewards Club database was not affected, nor were cards used for hotel reservations, cash advances and ATM transactions.
FireKeepers – which is offering credit monitoring and identity theft protection services – does not have enough contact information to directly inform individuals whose payment cards were possibly compromised, but all others should expect to be notified.
On top of replacing POS devices, FireKeepers said it is increasing firewall protections and incorporating two-factor authentication.