The proven encryption technologies utilized by online and mobile casinos are looking even better following data breach of Hard Rock Hotels & Casinos and others.
We’ve become so accustomed to using mobile devices and apps to facilitate everyday, mundane tasks, that we rarely take a moment to consider the security risks. Even when we do, security and privacy policies of such websites and applications always ensure us that our information is perfectly safe. But is it really?
As a long-time user of online and mobile casinos, I’m happy to say I’ve never experienced a security breach. The top Android casinos, like Royal Vegas, comply with strict regulatory guidelines that require them to maintain the highest security protocols.
128-bit SSL encryption technologies ward against prying eyes during the transmission of all sensitive data. Whether you’re signing up a new online gaming account, logging into an existing account, making a deposit, or facilitating a withdrawal, that information is locked up tight.
Data Breach in Hard Rock Hotel Reservations
Unfortunately, this wasn’t the case for one of the most famous land-based casino hotel operations in the world. Hard Rock Hotels & Casinos issued a statement last week informing its countless customers—particularly those who had used the company’s online reservation system—their personal and/or financial information may have been compromised.
Not only was their (supposedly) secure system hacked, the duplicitous activity went on for nearly a year before customers were told about it. They weren’t even informed that an investigation was pending until the statement was released on Thursday.
“The investigation determined that the unauthorized party first obtained access to payment card and other reservation information on August 10, 2016. The last access to payment card information was on March 9, 2017.”
In Hard Rock’s defense, it wasn’t their fault that the data breach occurred. In fact, they were entirely unaware of the security issues until June 2017.
That was when Sabre Hospitality Solutions SynXis, the developer of the online reservation system, decided to let Hard Rock Hotels & Casinos in on their little secret.
Sabre Finally Reveals The Truth
In a quarterly SEC filing in May, Sabre admitted that it was investigating a data breach in its systems. The company assured, “unauthorized access has been shut off, and there is no evidence of continued unauthorized activity at this time.”
But the damage was already done. Credit card numbers, card holder names and expiration dates were exposed. Guest names and security codes, along with physical addresses and email addresses, may also have been compromised.
Hard Rock, which had no knowledge of the extensive data breach until June 2017, was forced to advise its customers:
“An unauthorized party gained access to account credentials that permitted unauthorized access to unencrypted payment card information, as well as certain reservation information, for a subset of hotel reservations processed through the reservation system.”
All customers of Hard Rock Hotels & Casinos who “booked a stay…between August 10, 2016 and March 9, 2017” at any of the following properties may have been affected.
- Hard Rock Hotel & Casino Biloxi
- Hard Rock Hotel Cancun
- Hard Rock Hotel Chicago
- Hard Rock Hotel Goa
- Hard Rock Hotel & Casino Las Vegas
- Hard Rock Hotel Palm Springs
- Hard Rock Hotel Panama Megapolis
- Hard Rock Hotel & Casino Punta Cana
- Hard Rock Hotel Rivera Maya
- Hard Rock Hotel San Diego
- Hard Rock Hotel Vallarta
Loews Hotels Also A Confirmed Victim
I’d be willing to bet online and mobile casinos, where encryption technologies are tried and true, are looking a lot better these days, especially to customers who’s sensitive information was hacked. And to make matters worse, Hard Rock properties weren’t the only ones affected.
Sabre supplies its SinXis software to approximately 36,000 hotels worldwide. NBC confirmed last week that Loews Hotels was also a victim of the security breach. Customers who made a reservation at a Loews property between “August 2016 and March 2017” may have had their credit card and personal information stolen as well.