Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Trump Hotels Investigating Another Possible Data Breach

Trump Hotel Collection has launched an investigation after financial institutions reported seeing fraudulent activity on payment cards used at its properties.

Trump Hotel Collection has launched an investigation after financial institutions reported seeing fraudulent activity on payment cards used at its properties.

Sources in the financial sector told security blogger Brian Krebs that a pattern of fraud has been observed over the past 2-3 months on cards used at hotels owned by Republican presidential front-runner Donald Trump, including Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.

“Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses. We are in the midst of a thorough investigation on this matter and are working with the U.S. Secret Service and the F.B.I to help catch these criminals and prosecute to the full extent of the law. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump, executive vice president of development & acquisitions for Trump Hotel Collection, said in an email statement.

If confirmed, this would be the second time malicious actors breached Trump Hotels’ credit card systems. In October 2015, following reports of fraudulent activity on cards used at Trump Hotels, the company confirmed that malware had been found on computers connected to front desk and payment card terminals.

An investigation revealed that attackers might have gained access to information associated with payment cards used at Trump Hotels between May 19, 2014, and June 2, 2015. The incident affected individuals who used their payment cards at Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.

“We’ve reached a point where major corporations being breached more than once no longer comes as a shock. Data networks are continuously under attack, and as such, it’s not a matter of if but when hackers will be able to penetrate a network for the first time—or in the case of Trump Hotels—again,” said Kevin Watson, CEO at Netsurion, a provider of remotely-managed security services for multi-location businesses.

“We advise our customers that any business, regardless of size, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target, but it’s no secret that big names like Trump Hotels flash like neon signs to hackers— enticing them with large quantities of valuable information. No matter how secure we build our networks, there is always a weak link; and in most cases, that weak link is the humans that interact with the network each day. Malware on a laptop used at home and at work, a compromised password, a convincing phishing attack—these are all viable ways networks with top quality security are breached every day,” Watson said via email.

Many hotel chains reported being targeted by cybercriminals last year, including Hyatt Hotels Corporation, Mandarin Oriental Hotel Group, White Lodging Services, Hilton and Starwood Hotels. Hyatt reported in mid-January that 250 of its hotels from all over the world had been affected by a breach.

*Updated with statement from Trump Hotel Collection

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...