Cyber Incident Victim: Affinity Gaming
Date: May 2014
Location: United States of America
Summary
A Las Vegas-based casino operator with properties across four states experienced multiple cybersecurity breaches targeting its payment systems. The company reported a malware infection compromising customer card data, followed months later by a separate hack of its credit and debit card processing infrastructure. While the company found no evidence that payment information was stolen in the second incident, it implemented security enhancements and engaged a cybersecurity firm to investigate both breaches. The operator manages eleven gaming establishments spanning Nevada, Colorado, Missouri, and Iowa.
Description
Affinity Gaming, a Las Vegas-based casino operator with properties across Nevada, Colorado, Missouri, and Iowa, experienced two cybersecurity incidents targeting its payment card processing systems within a six-month period between late 2013 and mid-2014. The first breach occurred in December 2013 when malware infected the company's card processing infrastructure, compromising customer credit and debit card data. This initial attack prompted internal security measures, though specific containment actions weren't publicly detailed. Five months later, in May 2014, Affinity disclosed a second security event involving unauthorized access to the same payment processing environment. The company stated it found no evidence of active data exfiltration during this subsequent breach but confirmed the system had been compromised.

Affinity Gaming responded to the May 2014 incident by implementing additional security protocols to fortify its payment systems and engaging Mandiant, a prominent cybersecurity firm, to conduct forensic analysis. The breach affected all 11 casino properties under Affinity's ownership, spanning five Nevada locations, three in Colorado, two in Missouri, and one in Iowa. While the December 2013 malware attack definitively compromised payment card information, the company maintained that the May intrusion did not demonstrably result in data theft. Both incidents disrupted normal payment processing operations, though the duration and financial consequences of these disruptions weren't quantified in available reports. The repeated breaches within a short timeframe indicated persistent vulnerabilities in Affinity's payment infrastructure despite interim security efforts following the initial compromise.
