Marking the third such breach in the last two years, Trump Hotels notified guests this week that 14 of its properties have been affected by a hack attack, exposing guests’ full names, emails, addresses, and credit card information, including expiration dates. Here’s what you need to know.
What Happened?
According to a notice [PDF] posted on the company’s website, the organization said it had “recently learned of an incident involving unauthorized access to guest information associated with certain hotel reservations.”
The company says the incident did not affect Trump Hotel’s systems, but rather involved a booking service it uses: Sabre Hospitality Solutions, which is also at the center of a recent breach at Loews and Hard Rock Hotels.
Following an investigation, Sabre notified Trump Hotels on June 5, 2017 “that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations” processed through Sabre’s system.
The investigation found that hackers obtained access first to Trump Hotels-related payment card and other reservation information on Aug. 10, 2016, and continued to access it through March 9, 2017.
The company says it’s working with Sabre — which has “engaged a leading cybersecurity firm” — to address the issue. Sabre has also notified law enforcement and credit card companies about the incident.
What Kind Of Information Is At Risk?
Attackers accessed payment card information — including cardholder name, card number, expiration date, and potentially card security codes.
In some cases, the unauthorized party was also able to obtain guest name, email, phone number, address, and other information, Trump Hotels says.
Which Hotels Were Affected?
There are 14 hotels on the organization’s list that could have been at risk:
Affected Properties | Relevant Booking Dates Of Affected Reservations |
Trump Central Park | 11/18/2016-11/20/2016 |
Trump Chicago | 11/13/2016-11/23/2016 |
Trump Doonbeg | 11/4/2016-11/21/2016 |
Trump Doral | 11/19/2016-11/20/2016 |
Trump Las Vegas | 11/18/2016-3/7/2017 |
Trump Panama | 11/18/2016-2/5/2017 |
Trump Soho | 7/5/2016-11/20/2016 |
Trump Toronto | 11/18/2016-11/21/2016 |
Trump Turnberry | 11/18/2016-11/18/2016 |
Trump Vancouver | 11/8/2016-11/19/2016 |
Trump Waikiki | 11/18/2016-11/20/2016 |
Trump DC | 11/7/2016-3/9/2017 |
Trump Rio De Janeiro | 11/7/2016-11/19/2016 |
Albemarle Estate | 11/6/2016-11/18/2016 |
What Should I Do?
Saying that “the privacy and protection of our guests’ information is a matter we take very seriously,” Trump Hotels is recommending that affected guests do a few things:
1. Remain vigilant for incidents of fraud and identity theft by regularly reviewing account statements and monitoring free credit reports for any unauthorized activity.
2. Find something suspicious? Report it immediately to your financial insuttions.
3. Contact the Federal Trade Commission and law enforcement authorities like your state attorney general to report incidents of theft.
4. Obtain a credit report — you can do this for free — here’s how.
5. Place a fraud alert or security freeze on a credit report file, using these helpful tips from the FTC.
For more information, guests can call Trump Hotels at 800-447-6105, Monday through Friday, 24/7, or buy snail mail at 725 Fifth Avenue, New York, NY 10022.
Déjà Vu
If all of this sounds familiar, that’s because Trump Hotels has had two other data breaches in the last two years. In July 2015, the company said it had suffered a data breach, later pinning the attack on malware that may have been at work for a year. Trump Hotels ultimately settled a lawsuit brought by New York over the breach.
In April 2016, the organization announced it was investigating yet another customer data breach.
by Mary Beth Quirk via Consumerist