Security Experts:

Affinity Gaming Credit Card, Debit Card System Hacked

Casino operator Affinity Gaming has joined the growing list of businesses dealing with malicious hacker attacks against credit card and debit card systems.

The Las Vegas-based company, which operates casinos in several U.S. cities, said customer credit and debit card information at all of its Casinos was compromised in a breach that occurred between March 14 and October 16.

The company described the issue as "an unauthorized intrusion into the system that processes customer credit and debit cards." Affinity is urging all customers who visited its gaming facilities during the seven-month window to take urgent steps to protect their identities and financial information.

Affinity also acknowledged a separate hack into the system that processes credit and debit cards at its Primm Center Gas Station in Primm, Nevada.  "This intrusion began on an unknown date and it ended on November 29, 2013," the company said.

From the company's statement:  

On October 24, 2013, Affinity was contacted by law enforcement regarding fraudulent charges which may have been linked to a data breach in Affinity's system. Affinity immediately initiated a thorough investigation, supported by third-party data forensics experts who determined the nature and scope of the compromise, and confirmed that Affinity's system has been fully secured and that its customer payments are protected.  On November 14, 2013, Affinity posted notice of this incident on its website.

Affinity said its investigation determined that malware was used in the attack at its casinos in Nevada, Iowa, Missouri and Colorado. "Credit or debit card data was exposed at these locations between March 14th and October 16th of 2013," the company warned.

Affinity did not say how many customers were affected by the breach.

view counter
Ryan is the host of the SecurityWeek podcast series "Security Conversations". He is the head of Kaspersky Lab's Global Research & Analysis team in the USA and has extensive experience in computer security user education, specializing in operating system and third-party application vulnerabilities, zero-day attacks, social engineering and social networking threats. Prior to joining Kaspersky Lab, he monitored security and hacker attack trends for over 10 years, writing for eWEEK magazine and the ZDNet Zero Day blog. Follow Ryan on Twitter @ryanaraine.