The Hard Rock Casino in Las Vegas has been hit with malware leading to the compromise of credit card data, names and addresses at restaurant, bar and retail locations.
The compromise did not affect the hotel or casino transactions. At this time, no details regarding the specific malware or other specifics regarding the compromise were provided.
However, the glaring point of this particular breach was that it went undetected for 7 months. The fact that the compromise was not detected by the hotel itself is not surprising, as many retailers have not been able to detect the presence of point-of-sale malware or exfiltration of card data.
Most of the time, the retailers discover the breach when the Secret Service or fraud analysts at banks notify them that they have detected credit card fraud patterns, or stolen cards in underground markets that puts their point-of-sale systems as the origin of the breach.
In their statement, the Hard Rock Casino did not state how they detected the breach, so it is not clear if they were notified by an agency or bank, or if they identified it on their own.