Trump Hotels Investigates Hack ReportSuspected Card Fraud Traced to Multiple Hotel Locations
See Also: The Global State of Online Digital Trust
Trump is CEO of Trump Hotel Properties, which has confirmed that it is investigating reports that it suffered a data breach, leading to the theft and fraudulent use of its customers' payment card data.
The company's executive vice president of development and acquisitions, Eric Trump - son of Donald - on July 1 confirmed the breach investigation in a statement.
"Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties," he said. "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly."
News of the potential data breach at Trump Hotel Properties was first reported by security blogger Brian Krebs. He reported that multiple banks had spotted a pattern of fraud beginning in February, suggesting that payment-card data for customers of Trump Hotel Properties in multiple locations - including Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York - had been stolen.
"Since the breach is suspected to be as far back as February of this year, most of those cards have probably already been sold," Bryan Jardine, vice president of U.S. operations and product management for security firm Easy Solutions, tells Information Security Media Group. "Since it appears to be a multi-location-style breach, more than likely it is malware-driven. This could extend beyond POS malware, unless every location uses the same POS network."
POS Malware Epidemic
If the card-data breach at Trump Hotel Properties is confirmed, it would join a long list of businesses - including numerous other hotel chains, retailers and restaurants, ranging from P.F. Chang's to Target - that have been breached by hackers and lost their customers' card data.
Security experts say U.S. cardholders remain at high risk from payment card data theft attacks due in part to the country not yet having fully adopted EMV chip and signature defenses. "The increased targeting of large American corporations, including those in retail and hospitality, is likely a result of continued use of magnetic stripe transactions within the U.S.," says threat-intelligence firm iSight Partners in a research note. "Magnetic stripe data is much easier to collect and fraudulently duplicate than EMV-chip data."
So far this year, businesses that have reported suffering card-data breaches include global luxury hotel chain Mandarin Oriental Hotel Group, organic and health food grocery chain Natural Grocers, hotel management company White Lodging Services Corp., and retailer Sally Beauty. All of those organizations - as well as many more before them - reported that the card fraud resulted from their point-of-sale systems being compromised.
Security experts say too many such POS malware attacks today succeed because retailers and other businesses are failing to change the default passwords in place on payment-card terminals, or to segment their networks, all of which would help to better defend against POS malware attacks (see Why POS Malware Still Works).
Follows Businesses "Firing" Trump
While no business wants to see its customers' card data get stolen, news of the Trump Hotel Properties breach investigation comes at an awkward time for Donald Trump, as it follows his June 16 announcement that he was seeking the 2016 Republican presidential nomination. During his campaign kickoff speech, furthermore, Trump made a number of comments that were widely viewed as being racist.
Reaction to the comments have seen Trump ending up at the receiving end of his famous "The Celebrity Apprentice" catchphrase - "You're fired" - as numerous businesses, including NBC, Macy's, Univision and Televisa, amongst others, said they would cease working with Trump. NBC also announced that it would no longer broadcast the Miss USA Pageant, which is half-owned by Trump.