Trump Hotels Investigating Another Possible Data Breach

Trump Hotel Collection has launched an investigation after financial institutions reported seeing fraudulent activity on payment cards used at its properties.

Sources in the financial sector told security blogger Brian Krebs that a pattern of fraud has been observed over the past 2-3 months on cards used at hotels owned by Republican presidential front-runner Donald Trump, including Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.

“Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses. We are in the midst of a thorough investigation on this matter and are working with the U.S. Secret Service and the F.B.I to help catch these criminals and prosecute to the full extent of the law. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump, executive vice president of development & acquisitions for Trump Hotel Collection, said in an email statement.

If confirmed, this would be the second time malicious actors breached Trump Hotels’ credit card systems. In October 2015, following reports of fraudulent activity on cards used at Trump Hotels, the company confirmed that malware had been found on computers connected to front desk and payment card terminals.

An investigation revealed that attackers might have gained access to information associated with payment cards used at Trump Hotels between May 19, 2014, and June 2, 2015. The incident affected individuals who used their payment cards at Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.

“We’ve reached a point where major corporations being breached more than once no longer comes as a shock. Data networks are continuously under attack, and as such, it’s not a matter of if but when hackers will be able to penetrate a network for the first time—or in the case of Trump Hotels—again,” said Kevin Watson, CEO at Netsurion, a provider of remotely-managed security services for multi-location businesses.

“We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s no secret that big names like Trump Hotels flash like neon signs to hackers— enticing them with large quantities of valuable information. No matter how secure we build our networks, there is always a weak link; and in most cases, that weak link is the humans that interact with the network each day. Malware on a laptop used at home and at work, a compromised password, a convincing phishing attack—these are all viable ways networks with top quality security are breached every day,” Watson said via email.

Many hotel chains reported being targeted by cybercriminals last year, including Hyatt Hotels Corporation, Mandarin Oriental Hotel Group, White Lodging Services, Hilton and Starwood Hotels. Hyatt reported in mid-January that 250 of its hotels from all over the world had been affected by a breach.

*Updated with statement from Trump Hotel Collection