The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and now Republican presidential candidate Donald Trump, appears to be the latest victim of a credit card breach, according to data shared by several US-based banks.
Contacted regarding reports from sources at several banks who traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels, the company declined multiple requests for comment.
Update, 4:56 p.m. ET: The Trump Organization just acknowledged the issue with a brief statement from The Donald’s third child, Eric Trump, executive vice president of development and acquisitions: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties,” the statement reads. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”
Original story:
But sources in the financial industry say they have little doubt that Trump properties in several U.S. locations " including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York " are dealing with a card breach that appears to extend back to at least February 2015.
If confirmed, the incident would be the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments. In March, upscale hotel chain Mandarin Oriental disclosed a compromise. The following month, hotel franchising firm White Lodging acknowledged that, for the second time in 12 months, card processing systems at several of its locations were breached by hackers.
Trump International Hotel and Tower in Chicago.
It is likely that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to upcoming changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit.
Non-chip cards store cardholder data on a magnetic stripe, which can be trivially copied and re-encoded onto virtually anything else with a magnetic stripe.
Magnetic-stripe based cards are the primary target for hackers who have been breaking into retailers like Target and Home Depot and installing malicious software on the cash registers: The data is quite valuable to crooks because it can be sold to thieves who encode the information onto new plastic and go shopping at big box stores for stuff they can easily resell for cash (think high-dollar gift cards and electronics).
In October 2015, merchants that have not yet installed card readers which accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards.
While most experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers (and many U.S. banks are only now thinking about issuing chip-based cards to customers) cyber thieves no doubt well understand they won’t have this enormously profitable cash cow around much longer, and they’re busy milking it for all it’s worth.
Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper, including eight front-page stories in the dead-tree edition and a Post Magazine cover piece on botnet operators. He was recently profiled in Business Week and by Poynter.org.
www.krebsonsecurity.com
