14 DAY TRIAL // Fraudulent transactions on accounts of individuals who visited some Trump properties this year indicate that the payment systems in the locations have been compromised.
Several banks in the US noticed the illegal transactions impacting their clients, all of them being at one time or another guests at hotels administered by the Trump Organization.
The Trump Organization starts investigation
Security blogger Brian Krebs received the information from multiple financial institutions, who say that the earliest time of the breach appears to be at least February 2015.
The properties that could be impacted are located in Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York. There are no details on the number of individuals whose card data has been compromised.
A boilerplate comment on the matter came from Eric Trump, Executive Vice President of Development and Acquisitions at The Trump Organization, who said that the issue is currently investigated, as a result of alerts to potential suspicious credit card activity, “to determine whether it involves any of our properties.”
“We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump added.
No information has been published about the steps taken to determine whether malicious activity was indeed occurring on the payment systems, or how the attackers managed to get in.
Cybercriminals have an easy time selling payment card info
Such incidents have become quite common in the US, where a large number of cards still rely on magnetic stripe to store sensitive information, making it trivial for cybercriminals to clone them.
Recently, Hersheypark was alerted of a possible compromise of payment processing machines on its property. According to data from banks, the cards had been used at food and beverage locations as well as ticketing stations.
Stolen card data constantly pops up for sale on underground forums and there are plenty of buyers. Financial institutions and certain law enforcement agencies monitor these online locations and often purchase items to analyze and determine a common retailer that processed the transactions, in order to find where the compromise happened.