Hotel / Casino Company Falls Victim to Computer Malware, and Hundreds of Thousands of Guests are Affected by the Resulting Data Breach

Yet another hotel company has been victimized by a malicious data breach, compromising its guests’ confidential personal information and exposing the hotelier to significant expense and potential liability.  This time the victim was Affinity, a Las Vegas company that owns casinos and hotels in four states. After  detecting fraudulent charges linked to one of its Iowa casinos, Affinity investigated its other holdings and  discovered that the computer system used throughout its properties had been infected by malware that allowed a data breach compromising the confidential personal information of approximately 300,000 customers who visited its casinos and hotels over a half-year period.  The company released a public statement apologizing to its customers for the breach and set up a toll-free inquiry line to assist affected customers.  Undoubtedly, it has also retained legal counsel to represent it in the almost inevitable litigation or government inquiries that will result.

This data breach, one of many recent breaches affecting the hospitality industry, once again demonstrates that hotels are attractive and lucrative targets for hackers.  Affinity could have avoided the expense and negative publicity associated with this data breach by properly training its employees, managers, and IT personnel to comply with the Payment Card Industry’s (“PCI’s”) robust data-security practices and policies.  Venza’s PCI training modules are a leading source of such training used by hotels around the globe.