Two days after national retailer Target said credit and debt card information for about 40 million customers was stolen in a security breach, casino operator Affinity Gaming said Friday it suffered a similar episode.
The Las Vegas-based company said its system that processes customers’ credit and debit card transactions was hacked. Casino patrons were being warned to take necessary steps to avoid identity theft. A company attorney estimated 280,000 to 300,000 Affinity customers might be affected by the security breach.
In a statement, Affinity said customer credit and debit card information at all 12 of its casinos in four states was compromised from March 14 to Oct. 16.
Affinity operates casinos in Nevada, Iowa, Missouri and Colorado, including the off-Strip Silver Sevens and the three Primm resorts.
Affinity also said hacking compromised the system that processes credit and debit cards at its Primm Center Gas Station. The intrusion began on an unknown date and ended Nov. 29.
The company determined its system became infected by malware, which resulted in a compromise of credit and debit card information from individuals who visited the casinos.
Affinity posted a “public notice of data security incident” on its website.
Gaming Control Board Chairman A.G. Burnett said the company notified state gaming regulators as soon as it learned of the issue. The agency was focused on ensuring customers were protected.
“The company promptly notified us of what happened,” Burnett said. “They are working with us closely.”
James Prendergast, an outside legal adviser to Affinity, the intrusion was from a “very sophisticated piece of malware that got into a terrible location.” The company doesn’t store credit card information like a typical retailer, so it is hard to pinpoint an exact number of customers whose credit information might have been compromised.
“It got contained and eliminated and we called in third-party forensic investigators for confirmation that it was gone,” Prendergast said.
In the statement, the company said the public notice concerning the data security incident was to encourage customers who visited the casinos to take steps to protect their identities and financial information. It encouraged its customers to review their financial statements for any unusual activity.
“Affinity regrets any inconvenience this incident may cause and has established a confidential, toll-free inquiry line to assist its customers,” the company said.
Affinity said a confidential inquiry line was established for customers and is available 8 a.m. to 6 p.m. PST Monday through Friday, and can be reached at 877-238-2179 for U.S. and Canadian residents, or +1-814-201-3696 for other international residents.
Affinity said it notified local law enforcement and gaming regulators, as well as the U.S. Secret Service and the FBI. Credit card companies and the appropriate banks were also alerted.
“Affinity is cooperating in the ongoing law enforcement investigation of the incident,” the company said. “Affinity has also taken a number of measures to strengthen the security of our network and it has worked with legal and security vulnerability experts to help identify and implement additional appropriate safeguards.”