Hard Rock Hotel & Casino Las Vegas said on Friday a malware attack may have allowed hackers to steal credit card information used at its retail and service locations.
The potential breach may have included names, credit card numbers and their CVV security codes but not PIN numbers or other sensitive customer information, the company said in a statement.
The attack, discovered on April 3, was limited to credit or debit card transactions between Sept. 3, 2014 and April 2, 2015, at the company's restaurant, bar and retail locations, including the Culinary Dropout Restaurant.
Transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon were not affected, it said.
The company said it is actively cooperating with law enforcement and credit card companies to investigate the attack.