By EDWARD HUSAR
Herald-Whig Staff Writer
LaGRANGE, Mo. -- Affinity Gaming, which owns Mark Twain Casino in LaGrange and 10 other casinos in four states, has confirmed that its credit and debit card system for non-gaming purchases has been hacked.
In a press release, the Las Vegas-based corporation said the security breach "resulted in a compromise of credit card and debit card information used in non-gaming purchases from individuals who visited its casino and casino resort facilities."
The company said credit or debit card data was exposed at all 11 of its casinos for customers who made food, beverage, hotel or retail purchases with their cards between Dec. 7 and April 28. This includes the company's two Missouri properties -- Mark Twain Casino and St. Jo Frontier Casino in St. Joseph -- along with one casino in Iowa, three in Colorado and five in Nevada.
Affinity, formerly known as Herbst Gaming and based in Paradise, Nev., is urging customers who used their credit or debit cards for such purposes "to take steps to protect their identities and financial information."
The company said ATM and cash-advance transactions were not affected by the breach.
Affinity said the company has established a confidential toll-free inquiry line (877-238-2179) to assist customers with questions about the security breach.
"Our customers are our top priority, and we can assure them we are working tirelessly, using best-in-class experts to protect our IT system and their information," David Ross, Affinity's chief executive officer, said in the statement. "We deeply regret any inconvenience this incident may cause and are ensuring our customers have the information they need to address any concerns."
LeAnn McCarthy, public information officer for the Missouri Gaming Commission, told The Herald-Whig the commission is aware of Affinity's security breach.
"However, it's not a regulatory matter," McCarthy said. "It's a matter between Affinity and their patrons."
Gerry Smriga, vice president and general manager of Mark Twain Casino, declined to comment on the security breach. He referred news media to an Affinity corporate spokesman.
Mark Twain Casino's website -- www.marktwaincasinolagrange.com -- features a link to a "2014 Notice of Data Security Event" that includes the Affinity press release. Also on the website is a link to a second press release that initially announced in December that an "unauthorized intrusion" had taken place in Affinity's credit and debit card processing system.
According to the latest press release, Affinity officials were conducting a security audit of IT systems on April 17 when it identified a "possible issue" with the system that processes debit and credit card transactions. An investigation subsequently determined the nature and scope of the compromise.
Security teams involved with the investigation "worked aggressively to fully secure the payment card systems and ensure that customer payments are protected," the press release said.