Hard Rock Hotels & Casinos state that beginning August 10, 2016 and ending March 9, 2017, an unauthorized party obtained access to payment card and other reservation information.  Unencrypted payment card information for hotel reservations included card names, numbers and expiry dates.  In some instances security codes, email addresses, phone numbers and addresses were included.  The hotels use SynXis which is their 3rd party reservation system which provided the backbone for the data theft.

Hard Rock's properties in Chicago, Goa, Las Vegas, Palm Springs, Panama Megapolis, Punta Cana, Rivera, Maya, Sand Diego, Biloxi, Cancun, and Vallarta are all affected.