Hard Rock Las Vegas, Noodle and Co. Confirm Hacks

In two unrelated breaches, the Hard Rock Hotel and Casino Las Vegas and Noodle and Company confirm hacks.

If you’re one of the millions who rocked out at Hard Rock Hotel and Casino Las Vegas or slurped noodles at a Noodles & Company fast food chain in the past year, it’s time to get paranoid. Both companies announced this week separate breaches that include unauthorized access to credit card data.

The Hard Rock Hotel and Casino Las Vegas began notifying guests and patrons of “certain restaurant and retail outlets” located at its Las Vegas casino that hackers breached payments systems extracting credit card data. Credit card data exposed included cardholder name, card number, expiration date, and internal verification code.

“After receiving reports of fraudulent activity associated with payment cards used at the Hard Rock Hotel and Casino Las Vegas, the resort began an investigation of its payment card network and engaged a leading cyber-security firm to assist,” the company said in a statement.

The breach effects Hard Rock Hotel and Casino Las Vegas customers that made purchases between October 27, 2015 and March 21, 2016 at the Las Vegas property. The hotel began investigating the suspicious activity on May 13 after an investigation identified signs of unauthorized access to the resort’s card payment system.

“Further investigation revealed the presence of card scraping malware that was designed to target payment card data as the data was routed through the resort’s payment card system,” the statement read.

This is the second time Hard Rock Hotel and Casino Las Vegas has been a victim of a cyberattack. In 2015 the casino property reported a breach of credit or debit card transactions between September, 2014 and April, 2015 at restaurant, bar and retail locations.

Similar to the Hard Rock breach, Noodles & Company announced this week that malware infected its backend card processing system and maybe have compromised customer credit and debit card data collected between January 31, 2016 and June 2, 2016.

Noodles & Company claims the breaches didn’t affect all of its retail locations but impacted stores located in 28 states, totaling over 400 locations. The chain has 410 retail locations as of July, 2014.

On May 17, Noodles & Company said it began investigating unusual credit card activity reported to the company by its credit card processing partners. “Noodles and Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems,” it said in a statement.

On June 2, Noodles & Company confirmed the suspicious activity on its computer systems at “certain Noodles and Company locations,” the company stated. Card data believed stolen is cardholder’s name, card number, expiration date and the internal verification code.

“Noodles and Company takes the security of our guests’ information extremely seriously, and we apologize for the inconvenience this incident has caused our guests,” wrote Kevin Reddy, chairman and CEO of Noodles and Company in a prepared statement. “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our guests,” he said.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.