Newsroom

The Hard Rock Hotel & Casino Las Vegas announced last week that some consumers' credit and debit card information may have been hacked at some of its retail and service locations.

In its statement, Hard Rock said the breach potentially affected consumers' names, card numbers, CVV codes, but not PIN numbers "or other sensitive customer information."

The hotel and casino said the breach occurred from Sept. 3, 2014, to April 2 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. It did not affect transactions made at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon, the statement said.

In related news, Sally Beauty Holdings Inc. said it is investigating reports of unusual card activity at some of its U.S. stores, according to KrebsonSecurity.com. Just last year, Sally Beauty confirmed a breach of its network that impacted most of its 2,600-plus locations nationwide. Also reported this month, point-of-sale maker Harbortouch disclosed a breach that involved some of its restaurant and bar customers. Krebs reported that the breach may have impacted more than 4,200 of its customers nationwide.

On Friday, NAFCU President and CEO Dan Berger urged member credit unions to reach out to their lawmakers and seek their support and cosponsorship of H.R. 2205 and S. 961, which would set national standards for merchant data security and lead to enhanced member data protections.

The two bills, both titled the "Data Security Act of 2015," would set national data security standards for merchants, outline a process for breach notifications and recognize financial institutions' compliance with the Gramm-Leach-Bliley Act's information security requirements. Berger testified in favor of such legislation last month during a hearing of the House Small Business Committee.