Fool me once shame on you, fool me twice, shame on me. In a repeat of a story we have heard over and over during the last few years, the Hard Rock Hotel and Casino in Las Vegas is notifying its customers of a major data breach that began on September 3, 2014 and was not discovered and stopped until April 2, 2015 at the restaurant, bar and various retail and service stores at its Las Vegas hotel and casino. The data breach did not extend to charges made on credit and debit cards at the casino and hotel itself nor to some of other businesses operating there including Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tatoo and Reliquary Spa & Salon. However, numerous other retail stores and services at the Hard Rock Las Vegas property were affected with credit and debit card numbers, customer names, and CVV codes compromised. Although we still do not know how the data breach was accomplished and the malware necessary to accomplish the data breach was planted in the computers of the affected companies, it is reasonable to speculate that the pattern of Target, Home Depot and so many other data breaches was followed here by which malware was implanted on the computers of the companies that were the victims of the data breaches through phishing emails that enabled the hackers to steal credit card and debit card information that could be used for purposes of fraud and identity theft. Had the United States broadly adopted the smart card chip technology used throughout the rest of the world instead of the old magnetic strip technology still used in the United States, this type of a data breach would have been of little value to the hackers, but since companies such as those affected here at the Hard Rock continue to use this old technology, they continue to put their customers in danger of identity theft.
Here is a link to a column I wrote about this problem for USA Today in September of 2014 in which I predicted exactly how this would occur.
TIPS
There is little we, as consumers, can do to convince retailers to move to the more advanced smart credit card chip technology that generates a new number for every transaction so that a data breach that steals that number would be worthless to an identity thief who could not use that number for future purchases. However, until retailers switch to this technology which is not expected to be widely adopted until October of 2015, the most important things that we can do as consumers is to refrain from using debit cards for retail purchases because they do not provide the same level of protection from liability that credit cards do. We also should regularly review our credit card bills to look for fraudulent purchases and evidence of identity theft so that we can stop the bleeding as quickly as possible. If you find that your credit card has been compromised, you should contact your credit card issuer immediately, close the account and have fraudulent charges removed. Although the law permits credit card companies to hold their customers responsible for up to $50 of fraudulent charges, most companies do not hold their customers responsible for any amount of fraudulent purchases when the fraud is reported promptly.