Trump International Hotels Management has revealed that 14 of its properties have been compromised by a data breach. The affected properties included Trump Las Vegas, Trump Chicago, and the recently-opened Trump hotel in Washington, D.C. Some hotels had guest information stolen for a period of only three days, while other hotels had months worth of information stolen. You can check out the noteworthy dates and locations on the Trump Hotels website.
Though guests of Trump Hotels were affected, Trump Hotels itself wasn’t hacked. A data breach at a service provider compromised card payment details for payment cards used at the properties. The company uses Sabre SynXis Central Reservations to facilitate guest bookings. Sabre’s reservation systems are used by nearly 32,000 properties worldwide.
According to a notice on the Trump Hotels’ website, Sabre informed Trump Hotels about the breach on June 5. The breach is part of a cyber attack on Sabre’s systems disclosed in May. An investigation by Sabre found that the unauthorized party first accessed reservation information on Aug. 10, 2016. The last unauthorized access was on March 9 of this year.
The compromised information included payment information processed through service provider Sabre’s central reservation system. That data includes credit card data such as card numbers, expiration dates, and security codes, as well as detailed personal information including emails, addresses, social security numbers, phone numbers, and passport and driver license information.
Large-scale targeted attacks are becoming more frequent. Hotel chains are particularly vulnerable to cyber attacks because many of them do not regularly update their security to protect their networks. The amount of data they collect and retain is very attractive to hackers.
News of the latest Trump Hotels cyberattack follows several massive breaches worldwide. In the past couple of months, the NotPetya and WannaCry ransomware attacks affected businesses and hospitals in more than a hundred countries. Trump Hotels has instructed affected customers to monitor their accounts for fraud and identity theft, file a claim with the FTC, pull their credit reports, or sign up for paid credit monitoring services.
This was the third breach involving the hotel chain since May 2015. Last year, the company reached a settlement over data breaches that exposed 70,000 credit card numbers and other personal information. Trump Hotels promised to beef up their security practices as a condition of the settlement.
Any cybersecurity threat to Trump’s businesses is a national security concern. The president frequently conducts official White House business at his properties. President Trump has made multiple visits to his Florida property Mar-A-Lago since taking office and has even entertained foreign dignitaries there.