How a hotel and casino maintains privacy compliance with Enterprise Recon

Industry

Hospitality

Challenge

A major hotel and casino chain needed to protect against data breaches and maintain compliance with PCI DSS and privacy legislation across several countries.

Results

The company turned to Ground Labs for help scanning and identifying cardholder data across its network. After achieving PCI DSS compliance, the company also utilized Enterprise Recon to support CCPA, GDPR and SOX compliance.

Key Product

Enterprise Recon Pro

$3.82m

Cost of a data breach hospitality 2024

31%

hospitality organizations suffering data breach

75%

Increase in breach costs from lost business

In the vibrant world of hospitality, personal data is the lifeblood of the industry. Guests place immense trust in hospitality organizations, sharing their sensitive details with the expectation of privacy and security.

However, this treasure trove of data makes the sector a prime target for cybercriminals.

For hospitality, data protection is about more than just compliance – it's about trust, and the customer loyalty that service excellence can provide.

The challenge

A hotel and casino managing payments for millions of customers

A major leader in gaming and hospitality operating more than 50 properties across the United States and the Middle East was quickly growing into new locations. With so many different hotel and casino locations, the company manages a high volume of credit card data and other personally identifiable information (PII) from countless customers.

The company needed to protect against data breaches and ensure it was meeting payment card industry standards (PCI DSS), as well as other national and local laws and regulations.

The journey

The search for a PCI DSS compliance solution

The gaming and hospitality company was storing cardholder data across file shares, emails and some desktops. With so many customers, the company needed urgent help achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS compliance is critical for businesses handling credit card numbers to protect their customers from fraud, especially with the heightened number of data breaches.

Hackers are highly motivated to steal credit card data. If they gain access to sensitive data including primary account numbers, cardholder names, and authentication codes, hackers can impersonate the cardholder, use the card to make purchases, and even steal the cardholder’s identity.

If a data breach occurs and hackers gain access to additional customer PII and credit card data, this gaming and hospitality company could suffer significant financial losses and reputational damage. Customers lose trust in businesses after data breaches, and the costs of this add up.

To protect sensitive data and maintain customer trust, the gaming and entertainment company needed a solution to help it accurately, quickly and easily identify where credit card data and other PII was stored, enabling the company to remediate and protect the sensitive data before any future compromise.

The company turned to Ground Labs for help scanning and identifying cardholder data across its network, with a goal of becoming PCI compliant and also maintaining compliance with a variety of other privacy regulations.

After achieving PCI DSS compliance, the company expanded its data discovery search to include PII, including social security numbers, passport numbers and addresses to maintain CCPA, GDPR and SOX compliance.

The solution

Ground Labs’ Enterprise Recon helps maintain privacy compliance

Because this company handles such a high volume of credit card numbers and PII, the team knew it had a huge challenge ahead to find where all that data was being stored. It decided to partner with Ground Labs and now relies on Ground Labs’ award-winning Enterprise Recon software to meet and maintain compliance with PCI DSS and other privacy regulations.

TThe company uses Enterprise Recon PRO to find where credit card numbers are stored within both structured and unstructured data sources, including files, databases, emails, cloud, big data, and more. After scanning for credit card numbers and other data types, Enterprise Recon allows the team to view and analyze where sensitive data resides and immediately contact the owners to take action.

Before implementing Ground Labs’ solution, the company struggled with improper handling of sensitive data by its staff. Enterprise Recon has helped improve sensitive data storage across the board, reducing sensitive data incidents.

Ultimately, Enterprise Recon provides a blueprint of cardholder data and other PII storage locations across the organization, allowing the gaming and hospitality company to ensure on an ongoing basis that it is not storing any addresses or credit card, social security or passport numbers unnecessarily. Enterprise Recon enables the company to validate that it is storing its customer data securely and take action where necessary.

Enterprise Recon identified millions of customer records that were stored in unauthorized or insecure locations.

After beginning the scanning process with Ground Labs’ Enterprise Recon, the gaming and hospitality company identified millions of customer credit card numbers and other PII that were being stored in the wrong places. Enterprise Recon’s delegated remediation feature enabled the company to assign multiple teams to address the risk using Enterprise Recon so this massive undertaking didn’t fall solely on the shoulders of IT.