Massive Data Breach Hits Hard Rock Hotels

Hackers have stolen the payment card and personal information of thousands of the global casino giant’s hotel guests. The breach, which began last August and continued into March, occurred at a third-party reservation system. The Loews Hotel chain also was victimized

Hard Rock Hotels & Casinos has reported a massive security breach linked to the hacking of a third-party platform handling hotel reservations for the gaming giant.

The Loews Hotel chain, which uses the same platform, also was victimized.

The attackers were able to grab unencrypted payment card information for hotel reservations, including cardholder names, card numbers and expiration dates, e-mail addresses, phone numbers and addresses. In some cases, security codes were also exposed.

The avenue for the thefts was Sabre Hospitality Solutions’ SynXis system, the backbone infrastructure for reservations made through hotels and travel agencies. According to Sabre, its software is used by roughly 36,000 hotel properties.

“The unauthorized party first obtained access to payment card and other reservation information on August 10, 2016,” Hard Rock said. “The last access to payment card information was on March 9, 2017.”

Hard Rock properties in Biloxi, Cancun, Chicago, Goa, Las Vegas, Palm Springs, Panama Megapolis, Punta Cana, Rivera Maya, San Diego and Vallarta are all affected.

The company operates 176 cafes, 24 hotels and 11 casinos in 75 countries.

Sabre first reported publicly that an investigation into a possible breach was under way in a quarterly SEC filing in May. News reports said the company did not reveal exactly how the system was breached but had hired cybersecurity firm Mandiant to investigate.

In the case of Loews the attackers were able to steal credit card, security code and password information. In some cases, e-mail addresses, phone numbers and street addresses were also exposed.

**GGBNews.com is part of the Clarion Events Group of companies (Clarion). We take your privacy seriously. By registering for this newsletter we wish to use your information on the basis of our legitimate interests to keep in contact with you about other relevant events, products and services which may be of interest to you. We will only ever use the information we collect or receive about you in accordance with our Privacy Policy. You may manage your preferences or unsubscribe at any time using the link in our emails.