Trump Hotel Collection, the hotel chain of Republican presidential candidate Donald Trump, has apparently exposed personal information of customers in hacks. Over 70,000 credit card numbers and other PII details have been leaked. The hotel chain has agreed to pay $50,000 in penalties and has promised to improve its data security practices.
The charges against the Trump Hotel Collection outline that it didn’t provide adequate protection. Furthermore, they didn’t inform the people affected, which is in direct breach of New York law.
New York Attorney General Eric T. Schneiderman has said in a statement that:
It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law.
How the Hacks Were Discovered
A 2015 analysis on fraudulent credit card transactions carried out by several banks revealed that THC was the last merchant where a legitimate transaction had been made using the cards. This is how it was suggested that THC had been targeted in a cyberattack that ended with a data breach.
News of the breach was initially reported by infosec writer Brian Krebs, who cited three unnamed sources in the financial sector.
Krebs wrote that the cards were used at several Trump Hotel buildings such as Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel and Tower in Toronto.
Investigations later found out that a person with access to legitimate domain administrator credentials had infiltrated the chain’s payment processing system in May 2014. Then, that person planted malware for stealing credit card information (infostealer). This was later observed in computer networks at multiple locations, including the New York, Las Vegas and Chicago hotels, according to the statement by the attorney general’s office.
On March 30 2016 researchers also found that THC had been in another breach with the attacker gaining access on November 10 last year and installing malware for harvesting credit card information on 39 systems in five Trump hotel properties, CSO Online reports.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: