It’s just hitting the media today that Affinity Gaming was hit by a cyberattack earlier this year that affected customers at its 11 casinos. They were alerted to the breach by the FBI in October, and the critical period for data compromise is March 14 – October 16. Here is the relevant parts of their announcement dated December 20 that describes the breach and a second breach:
Affinity Gaming (“Affinity”) has confirmed an unauthorized intrusion into the system that processes customer credit and debit cards for its casinos, and is issuing this public notice of the data security incident and encouraging individuals who visited its gaming facilities between March 14th and October 16th of 2013 to take steps to protect their identities and financial information. Affinity regrets any inconvenience this incident may cause and has established a confidential, toll-free inquiry line to assist its customers.
Affinity has also confirmed an unauthorized intrusion into the system that processes credit and debit cards at its Primm Center Gas Station in Primm, Nevada. This intrusion began on an unknown date and it ended on November 29, 2013.
On October 24, 2013, Affinity was contacted by law enforcement regarding fraudulent charges which may have been linked to a data breach in Affinity’s system. Affinity immediately initiated a thorough investigation, supported by third-party data forensics experts who determined the nature and scope of the compromise, and confirmed that Affinity’s system has been fully secured and that its customer payments are protected. On November 14, 2013, Affinity posted notice of this incident on its website.
Affinity’s investigation, while ongoing, has also determined that its system became infected by malware, which resulted in a compromise of credit card, and debit card, information from individuals who visited its gaming facilities: Silver Sevens Hotel & Casino in Las Vegas, NV; Rail City Casino in Sparks, NV; Primm Valley Resort & Casino in Primm, NV; Buffalo Bill’s Resort & Casino in Primm, NV; Whiskey Pete’s Hotel & Casino in Primm, NV; Lakeside Hotel- Casino in Osceola, IA; St. Jo Frontier Casino in St. Joseph, MO; Mark Twain Casino in LaGrange, MO; Golden Gates Casino in Black Hawk, CO; Golden Gulch Casino in Black Hawk, CO and, Mardi Gras Casino in Black Hawk, CO. Credit or debit card data was exposed at these locations between March 14th and October 16th of 2013.
[…]
The confidential inquiry line established by Affinity is available Monday through Friday, 8:00 a.m. to 6:00 p.m. P.S.T. and can be reached at (877) 238-2179 (U.S. and Canadian residents) or +1 (814) 201-3696 (international residents).
Affinity remains steadfast in its commitment to the security of its patrons’ information. Affinity is providing website notice of this incident and substitute notice of this incident in the states where its customers reside. Affinity has also provided notice to local law enforcement, the United States Secret Service, the United States Federal Bureau of Investigation, gaming regulators, and to certain state and international regulators. Affinity has notified the credit card companies and the appropriate banks. Affinity is cooperating in the ongoing law enforcement investigation of the incident. Affinity has also taken a number of measures to strengthen the security of our network and it has worked with legal and security vulnerability experts to help identify and implement additional appropriate safeguards.