14 DAY TRIAL // The Trump Hotel Collection (THC) is a conglomerate of hotel properties owned by US Presidential candidate Donald Trump, and in a recent statement on its corporate website, the organization has acknowledged a data breach that involved seven of its hotels.
The incident took place between May 19, 2014, and June 2, 2015, and it affected customers who stayed at Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.
According to THC's statement, credit card information was exposed for all users, data that includes payment card account number, card expiration date and security code. Additionally, for users staying at its Las Vegas and Waikiki properties, the card's first and last name were also leaked.
"We do not store credit or debit card numbers of our customers," says a customer rep in a notice. "We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems."
This makes us believe that the incident was the result of a malware contamination of the hotels' Point of Sale (PoS) devices, which allowed hackers to steal credit card data in real time without their victims ever noticing.
Data breaches are becoming a day-to-day occurrence
This is not the first time something like this happens, and many others companies have also fallen victim to the same tactic in the past.
"We’re at a point where I’m no longer surprised when a breach is announced," said for Softpedia Kevin Watson, CEO of Netsurion, a provider of remotely-managed network and data security services for multi-location businesses. "What we seem to forget is that our data networks are continuously under attack, and as such, it’s not a matter of if but when hackers will be able to penetrate a network. And in the case of Trump Hotels, the bigger the name on the door, the bigger the target."
"No matter how secure we build our networks, there is always a weak link; and in most cases that weak link is the humans that interact with the network on a daily basis. A compromised password, malware on a laptop used at home and at work, a phishing attack that looks too real to pass up - these are all viable ways networks with top quality security are breached every day," also noted Mr. Watson.
“Once breached, businesses should immediately bring in outside experts to help shut down the outbound flow of data, remediate the malware or virus, and then determine how the breach occurred in the first place so security policies can be changed to reflect the risk," advised Mr. Watson.
THC did say that they immediately hired an independent forensic investigator, notified authorities, and offered to provide a free year of fraud resolution and identity protection services for all customers that stayed at the aforementioned hotels between May 19, 2014, and June 2, 2015.