CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Trump Hotels Investigating Another Possible Data Breach

Trump Hotel Collection has launched an investigation after financial institutions reported seeing fraudulent activity on payment cards used at its properties.

Trump Hotel Collection has launched an investigation after financial institutions reported seeing fraudulent activity on payment cards used at its properties.

Sources in the financial sector told security blogger Brian Krebs that a pattern of fraud has been observed over the past 2-3 months on cards used at hotels owned by Republican presidential front-runner Donald Trump, including Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.

“Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses. We are in the midst of a thorough investigation on this matter and are working with the U.S. Secret Service and the F.B.I to help catch these criminals and prosecute to the full extent of the law. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump, executive vice president of development & acquisitions for Trump Hotel Collection, said in an email statement.

If confirmed, this would be the second time malicious actors breached Trump Hotels’ credit card systems. In October 2015, following reports of fraudulent activity on cards used at Trump Hotels, the company confirmed that malware had been found on computers connected to front desk and payment card terminals.

An investigation revealed that attackers might have gained access to information associated with payment cards used at Trump Hotels between May 19, 2014, and June 2, 2015. The incident affected individuals who used their payment cards at Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.

“We’ve reached a point where major corporations being breached more than once no longer comes as a shock. Data networks are continuously under attack, and as such, it’s not a matter of if but when hackers will be able to penetrate a network for the first time—or in the case of Trump Hotels—again,” said Kevin Watson, CEO at Netsurion, a provider of remotely-managed security services for multi-location businesses.

“We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s no secret that big names like Trump Hotels flash like neon signs to hackers— enticing them with large quantities of valuable information. No matter how secure we build our networks, there is always a weak link; and in most cases, that weak link is the humans that interact with the network each day. Malware on a laptop used at home and at work, a compromised password, a convincing phishing attack—these are all viable ways networks with top quality security are breached every day,” Watson said via email.

Many hotel chains reported being targeted by cybercriminals last year, including Hyatt Hotels Corporation, Mandarin Oriental Hotel Group, White Lodging Services, Hilton and Starwood Hotels. Hyatt reported in mid-January that 250 of its hotels from all over the world had been affected by a breach.

Advertisement. Scroll to continue reading.

*Updated with statement from Trump Hotel Collection

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...