Mandiant has been called in to investigate the incident. Law enforcement and gaming regulatory officials have been notified.
The company has secured its payment card processing system. Affinity Gaming’s entire IT environment is also being reviewed to ensure that it’s not vulnerable to cyberattacks.
In the first phase of the investigation, experts haven’t found any evidence to suggest thatcredit card data has been stolen after April 28, when the breach was first brought to light. It’s uncertain for how many days before that the cybercriminals had access to the casino operator’s systems.
It’s also unclear how many people are impacted. However, the company has set up a toll-free confidential inquiry line for those who have questions about the incident. Customers can contact the Affinity Monday through Friday, between 6:00 AM to 6:00 PM. PST at (877) 238-2179 (US and Canada) and +1 (814) 201-3696 (international).
Affinity Gaming appears to have serious security holes in its systems since this is the second time it reports suffering a data breach. The company also warned customers that their payment cards were compromised back in December 2013.
Law enforcement notified the company on October 24, 2013 after customers reported fraudulent charges on their credit cards. At the time, it took the company more than a month to completely cut off the cybercriminals’ access.
As many as 300,000 customers might have been impacted by the first breach. More precisely, all those who have used their credit card at gaming facilities between March 14 and October 16 of 2013.
Affinity Gaming operates a total of 11 casinos in Nevada, Colorado, Missouri and Iowa. The customers of all these facilities were impacted by the breach that occurred last year.
Back in December 2013, Affinity Gaming assured customers that systems had been “fully secured.” However, it’s clear that some security holes remained. As DataBreaches.net highlights, it will be interesting to see if the Federal Trade Commission (FTC) takes any action against the casino operator.