Trump Hotels Confirms Credit Card Breach

The Trump Hotel Collection (THC) recently began notifying an undisclosed number of customers who used credit or debit cards at the Trump International Hotel & Tower Las Vegas between May 19, 2014, and June 2, 2015, that an independent forensic investigation had determined that their payment card data may have been exposed by malware.

"While the independent forensic investigator did not find evidence that information was taken from the Hotel's systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems," the notification letter [PDF] states.

The data potentially accessed includes cardholder names, account numbers, expiration dates and security codes.

"As part of the investigation, THC has removed the malware and is in the process of reconfiguring various components of our network and payment systems to further secure our payment card processing systems," the letter states.

All those affected are being offered one year of free access to a fraud resolution and identity protection service.

Investigative reporter Brian Krebs reported in July 2015 that a pattern of fraud on credit and debit cards had indicated a likely breach at Trump properties across the United States.

There's no indication at this point of any connection between the Trump breach and the recently disclosed breach at several Hilton Worldwide properties, which was also uncovered by Krebs.

James Socas, executive chairman at iSheriff, told eSecurity Planet by email that the news of the Trump breach, so soon after the similar news from Hilton, is yet another sign that point-of-sale devices are an Achilles' Heel for many retailers and hospitality firms. "With POS devices handling most of the payment card transactions around the world, these systems are squarely in the crosshairs of today’s cybercriminals," he said.

"Trump Hotels needs to immediately review their security policies and in particular, what they have in place to make POS endpoints much more secure," Socas added. "Each POS device could potentially open the door to their corporate network. Once a cyber-criminal is through that door, they are much harder to detect and stop."

A recent eSecurity Planet article offered advice on improving POS security.