This article is more than 1 year old

You gambled recently in Michigan? (And by that we don't mean driving through Detroit)

Bank card slurping malware discovered in casino chain's tills

A casino owner in Michigan is warning its players after detecting bank-card-stealing malware in its payment systems.

The Four Winds Casino Resort, which operates three casinos and a service station on tribal lands in the state, said it found the software nasty after banks alerted it to fraudulent transactions.

According to Four Winds, the malware specifically sought out payment card data including cardholder name, number, expiration date, and verification numbers. The data would have been collected from cards swiped at sales terminals at the various resorts.

"It is possible that any card that was used in person at the Four Winds casino properties in New Buffalo, Hartford, or Dowagiac, or the Bent Tree Market service station on the Dowagiac property, between October 2014 and October 21, 2015, could have been copied by the program," Four Winds said.

"We do not have sufficient information to identify the name and address of individuals who swiped their payment card at our properties during this time frame."

Four Winds said it is working with the cops to investigate the security breach, and a third-party infosec biz has been brought in to check its networks and prevent any further infection. The company has also set up a site for customers who were possibly exposed in the breach.

Anyone who visited the casinos in the last year or so is being advised to keep a close eye on their bank statements and credit monitors for any suspicious or unauthorized activity. The resort has yet to say whether it will be offering affected customers a credit monitoring service.

The Four Winds resort company is one of several to have fallen victim to point of sale (POS) malware infections aimed at collecting payment card information. Big names including Hilton, Mandarin Oriental, and Trump have fallen prey to malware infections that harvest card data from cash registers and point of sale (POS) terminals. The stolen card data is typically sold off and used for fraudulent charges. ®

More about


Send us news

Other stories you might like