Cyber Incident Victim: Grand Sierra Resort
Date: Feb 2014
Location: United States of America
Summary
The Grand Sierra Resort experienced two payment card breaches affecting customers at its food and retail locations, occurring during separate multi-month periods. Payment card details including names, numbers, expiration dates, and magnetic stripe data were compromised, though lodging transactions remained unaffected. Law enforcement alerted the resort to potential issues, with forensic investigators confirming unauthorized access months later. The organization enhanced security measures but did not disclose the number of impacted individuals or provide mitigation services to affected guests.
Description
The Grand Sierra Resort in Reno, Nevada, experienced two separate payment card breaches affecting guests who used cards at its onsite food and retail locations. The first incident occurred between February 19, 2014, and March 13, 2014, while the second spanned March 20, 2015, to August 6, 2015. Compromised data included cardholder names, credit card numbers, expiration dates, and both Track 1 and Track 2 data. Payment cards used for lodging reservations or payments were not affected. Law enforcement initially alerted the resort to a potential compromise on September 29, 2015, prompting an immediate investigation with third-party forensic experts. The breach confirmation occurred on January 11, 2016, nearly four months after initial notification. The resort did not publicly disclose the incident until April 25, 2016, leaving a three-month gap between confirmation and public notification. Neither the root cause of the breaches nor the total number of affected guests was disclosed in the resort’s notice.

The resort’s response included collaboration with law enforcement and forensic investigators to assess the breach scope and enhance existing security measures. A dedicated hotline (877-216-3789) with reference number 6216041816 was established for guest inquiries, operational Monday through Friday during Eastern Standard Time business hours. No credit monitoring, identity theft protection, or other mitigation services were offered to affected individuals. The resort’s notice advised guests to proactively monitor their payment card statements for unauthorized activity but provided no confirmation of whether card issuers were directly notified. Security improvements were implemented to prevent future unauthorized access, though specific technical or procedural changes were not detailed. The delayed breach confirmation and public disclosure timelines raised operational concerns, as the resort required over three months to verify the compromise after law enforcement’s initial alert and an additional three months to notify guests.
