Trump Hotel Collection, de hotelketen van de Republikeinse presidentskandidaat Donald Trump, heeft blijkbaar blootgesteld persoonlijke gegevens van de klanten in hacks. Meer dan 70,000 creditcardnummers en andere PII gegevens zijn gelekt. De hotelketen heeft ingestemd om te betalen $50,000 in penalties and has promised to improve its data security practices.
The charges against the Trump Hotel Collection outline that it didn’t provide adequate protection. Bovendien, they didn’t inform the people affected, which is in direct breach of New York law.
New York Attorney General Eric T. Schneiderman has said in a statement that:
It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law.
How the Hacks Were Discovered
Een 2015 analysis on fraudulent credit card transactions carried out by several banks revealed that THC was the last merchant where a legitimate transaction had been made using the cards. This is how it was suggested that THC had been targeted in a cyberattack that ended with a data breach.
News of the breach was initially reported by infosec writer Brian Krebs, who cited three unnamed sources in the financial sector.
Krebs wrote that the cards were used at several Trump Hotel buildings such as Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel and Tower in Toronto.
Investigations later found out that a person with access to legitimate domain administrator credentials had infiltrated the chain’s payment processing system in May 2014. Dan, that person planted malware for stealing credit card information (infostealer). This was later observed in computer networks at multiple locations, including the New York, Las Vegas and Chicago hotels, according to the statement by the attorney general’s office.
op maart 30 2016 researchers also found that THC had been in another breach with the attacker gaining access on November 10 last year and installing malware for harvesting credit card information on 39 systems in five Trump hotel properties, CSO Online reports.