Hard Rock Hotel loses customer data in seven-month hack

Las Vegas's Hard Rock Hotel has lost guests' credit and debit card details to hackers in an attack spanning seven months.

The data breach, which ran from 3 September 2014 to 3 April 2015, affected most of the resort's retail and service locations, including shops, restaurants and cafs on the property.

Personal details, including cardholders' names, card numbers and three-digit CVV security codes were all stolen.

PIN numbers and "other sensitive information" were not affected, however, the hotel said.

It has advised customers who visited the Hard Rock Hotel between these dates to check their credit and debit card statements for any unusual activity.

While special arrangements have been made for US-based customers, including free fraud resolution services from Experian, no such assistance appears to have been offered to visitors from abroad.

UK residents who used their credit card at the hotel and have been affected should be protected under the Consumer Credit Act.

Rules regarding debit card fraud vary from bank-to-bank, but they normally take into account whether the customer could have taken any steps to prevent the fraud or not.

In a statement on the hotel's website, it said: "The trust and loyalty of our customers is our highest priority."

However, George Rice, senior director of payments at HP Security Voltage, said customers are always at risk of data loss in hotels, because they rely on the company to protect their card details.

"The consumer is somewhat powerless here and must rely on the hotel's data security to prevent their card information from being stolen," he said, adding that measures like PIN debit cards only protect against one false transaction.

The news comes after US retailer Target agreed to pay $19 million to banks using MasterCard after its paypoints were hacked, resulting in the theft of 70 million customer records.

The huge data hack, which took place in November and December 2013, saw a court rule last December that the retailer was guilty of negligence.

Target had ignored multiple alerts from its FireEye-provided early warning system, and purposely disabled

security

software that may have prevented the breach.

Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.