Breach, Data Security

Investigation continues in second Affinity Gaming payment card breach

Last week, about six months after announcing a breach that resulted in the compromise of payment card data for as many as 300,000 cardholders, Nevada-based casino operator Affinity Gaming revealed that it is investigating another payment card breach.

The incident involved unauthorized access being gained to the system that processes customer payment cards for Affinity Gaming casinos, according to an April 28 post on the website.

On Monday, Affinity Gaming posted an update, explaining their IT experts said that payment cards used after April 28 had not been compromised. Affinity Gaming additionally set up a phone line for customer inquiries.

That is the extent of what has been revealed – details have been sparse as an investigation is ongoing with law enforcement and gaming regulatory officials, as well as Mandiant, a security incident response management solutions provider, according to the post.

“Affinity has implemented controls to secure the credit card processing environment,” according to the announcement posted on April 28, which explains security will be enhanced in response to new and emerging threats. “We currently have no evidence to indicate that credit card data is being stolen.”

Affinity Gaming and Mandiant did not respond to requests for comments.

In December 2013, Affinity Gaming notified as many as 300,000 cardholders that their payment card data may have been stolen by hackers that compromised the casino operator's payment system. It was unclear when the attack began, but people were notified if they used gaming facilities between March 14, 2013, and Oct. 16, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.