Hard Rock Hotel & Casino Las Vegas is warning customers of a potential security incident involving payment cards.
Credit and debit cards may have been compromised if used at restaurant, bar and retail locations, including the Culinary Dropout Restaurant, between Sept. 3, 2014, and April 2, according to a statement by Jody Lake, chief operating officer of Hard Rock Hotel & Casino Las Vegas.
Details are vague, but Lake wrote that “criminal hackers” accessed information such as names, card numbers, expiration dates and CVV codes. She added that PIN numbers and other sensitive customer information were not included.
Hard Rock Hotel & Casino Las Vegas, which worked to contain the incident and implement additional security controls, is offering free identity protection services to potentially impacted customers, Lake wrote.
Transactions made at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo and Reliquary Spa & Salon were not affected.
Hard Rock Hotel & Casino Las Vegas did not return a SCMagazine.com request for additional information.
UPDATE: Approximately 173,000 unique payment cards were used at the affected locations during the affected time period, according to New Hampshire security breach notification, which explains that malware was discovered on a point-of-sale server on April 3, but the intrusion was contained on April 2 due to “proactive precautionary measures” taken by Hard Rock Hotel.