Affinity Gaming reports second data breach
May 5, 2014 - 1:45 pm
Casino operator Affinity Gaming reported a second breach into its system that processes customer credit and debit cards, but the Las Vegas-based company said it currently has “no evidence to indicate that information was stolen.”
Affinity, which operates 11 casinos in four states including the off-Strip Silver Sevens and the three Primm resorts, reported the breach on its website April 28.
In December, Affinity said the same system had been hacked between March 14 through Oct. 16, resulting in a breach that compromised the credit information for an estimated 280,000 to 300,000 customers.
“We are confident that the hackers could not remove credit card data beginning in the evening of April 28, 2014. We do not have that confidence before April 28. The active investigation will probably continue for another two weeks,” said Jim Prendergast, an outside attorney for Affinity.
Affinity did not say how many customers might be affected the newest breach.
In the website posting, Affinity said “a thorough investigation is under way by Mandiant, a firm with globally recognized expertise in data security and IT forensics.”
The casino operator said it implemented controls to secure the company’s credit card processing environment.
“Additional work is ongoing to confirm security of the entire Affinity IT environment,” the company said in a statement.
Affinity said it notified law enforcement and gaming regulatory officials, “and will fully cooperate with them in response to this matter.”
The company operates the Rail City Casino in Sparks as well as casinos in Iowa, Missouri and Colorado. Affinity said it will update customers as more information becomes available.
“We also will continue to evolve and enhance our system security, in response to new and emerging threats,” the company said.
Contact reporter Howard Stutz at hstutz@reviewjournal.com or 702-477-3871. Follow @howardstutz on Twitter.