Affinity Gaming Hit with Target-Style Security Breach

Posted on: December 22, 2013, 05:30h. 

Last updated on: December 21, 2013, 08:59h.

Nevada and regional casino operator Affinity Gaming has been hit with a credit and debit card security breach.

It’s not been a good week for the industry that supposedly safeguards our credit and debit card transactions. Just days after a national scandal that pulled in the Secret Service to investigate a massive system hack at popular retailer Target – a breach that could result in fake charges, identity theft, or worse – Las Vegas-based casino company Affinity Gaming appears to have been hit with a similar fiasco.

Credit-Processing Systems Compromised

Affinity announced that their credit and debit-processing systems had been hacked by the weekend’s start, and were telling their customers – most likely close to 300,000 of whom could have been hit by the hacking – to take care to watch their credit info as well as any unauthorized charges to their accounts.

Just what everyone wants to worry about after blowing their holiday bankroll, right?

But wait, it gets worse. While Target’s breach spanned approximately five weeks – from around Thanksgiving to a week before Christmas – Affinity says theirs hit all 12 of their properties in four U.S. states, and that the breach continued unabated from March 14 of this year all the way through to October 16: that’s seven months. Included in the properties affected were the company’s popular Nevada stateline casinos, including Whiskey Pete’s, Buffalo Bill’s, and Primm Valley Resort and Casino.

According to outside legal counsel for Affinity, James Prendergast, the cyber-hack was from a “very sophisticated piece of malware that got into a terrible location. It got contained and eliminated and we called in third-party forensic investigators for confirmation that it was gone,” Prendergast noted.

No Way to Know Who Got Hit

Adding to the confusion, because Affinity doesn’t store any customer credit card information in their databases, they have no way of knowing – or notifying – who might have been affected by the Internet theft. But with casinos scattered throughout Nevada, Colorado, Missouri and Iowa, it most likely could affect a nearly nationwide consumer base, particularly as several casinos are in or near Las Vegas.

And if you happened to pump gas at Affinity’s Primm Center Gas Station – a major stopping point at  Nevada’s stateline into California – you could also be in trouble, because that business’s credit and debit processing systems were also hacked, starting on an as-yet-undetermined date and ending on November 29.

So far, the only way Affinity has been able to notify customers of any possible problems has been on their own website with a  “public notice of data security incident,” but needless to say, many who may have been hit will not ever see that.

While hacking of this scope can fall under the purview of the Secret Service and the FBI, both of whom have been notified, it definitely gets the attention of state regulatory agencies, including Nevada’s Gaming Control Board. GCB Chairman A.G. Burnett says his organization let the Nevada Gaming Commission know of the issues immediately.

“The company promptly notified us of what happened,” Burnett explained. “They are working with us closely.”

As for Affinity, aside from their website notice and media attention, they don’t have a lot of ways to let customers know what’s occurred or what to do about it, but in a statement said that “Affinity regrets any inconvenience this incident may cause and has established a confidential, toll-free inquiry line to assist its customers.”

That line, if you think you might have been affected, is open from 8 am to 6 pm Pacific Standard Time, Mondays through Fridays. The number to call for U.S. or Canadian residents is 877-238-2179; all other international residents should call Affinity at +1-814-201-3696.

“Affinity is cooperating in the ongoing law enforcement investigation of the incident,” a company statement read. “Affinity has also taken a number of measures to strengthen the security of our network and it has worked with legal and security vulnerability experts to help identify and implement additional appropriate safeguards.”

Meanwhile, for shoppers and casino customers everywhere, it’s the cyber-Grinch who stole Christmas, this year.