Trump Hotels Fined for Data Breach

by Raymond Pucci 0

This probably won’t be a topic at the Presidential debates, although you never know—but the Trump Hotel Collection (THC) has been fined by the New York State Attorney General. According to the following report THC suffered a credit card data breach and delayed reporting the incident to consumers.

Trump Hotel Collection has arrived at a settlement with New York Attorney General Eric T. Schneiderman over hacks that are said to have led to the exposure of over 70,000 credit card numbers and other personal data.

The hotel chain, one of the businesses of Republican presidential candidate Donald Trump, has agreed to pay US$50,000 in penalties and promised to take measures to beef up its data security practices, according to the attorney general’s office.
The chain is one of many hotels and retailers that have been hit recently by malware that skimmed payment card information.

The key charges apparently against Trump Hotel Collection (THC) are that it didn’t have adequate protection and even after the attacks became known, did not quickly inform the people affected, in breach of New York law.

In May 2015, banks analyzed fraudulent credit card transactions and figured that THC was the last merchant where a legitimate transaction had been made using the cards, suggesting that the hotel chain had been targeted in a cyberattack that resulted in the compromise of credit card information.

Further investigations found that a person with access to legitimate domain administrator credentials had infiltrated the chain’s payment processing system in May 2014 and planted malware for stealing credit card information, which was noticed in computer networks at multiple locations, including its New York, Las Vegas and Chicago hotels, according to the statement by the attorney general’s office.

The hotel industry has been hard hit with data breaches in the last few years. No surprise given that their far flung properties offer multiple points of entry, especially where computer terminals are spread out and not always staffed, allowing for skimming devices to be installed undetected. THC experienced multiple breeches according to the NY AG’s office. Lesson to be learned by hoteliers—beef up data security with an established fraud-fighting vendor. But in any case, don’t sit on the notification to your customers whose credit card and personal data is at risk. That’s why it’s called the hospitality business.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group

Read the full story here