Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.
A representative from Trump Hotels said the organization was investigating the claims.
“We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”
KrebsOnSecurity reached out to the Trump organization after hearing from three sources in the financial sector who said they’ve noticed a pattern of fraud on customer credit cards which suggests that hackers have breached credit card systems at some — if not all — of the Trump Hotel Collection properties.
On July 1, 2015, this publication was the first to report that banks suspected a breach at Trump properties. After that story ran, Trump Hotel Collection acknowledged being alerted about suspicious activity tied to accounts that were recently used at its hotels. But it didn’t officially confirm that its payment systems had been infected with card-stealing malware until October 2015.
The Trump Hotel Collection includes more than a dozen properties globally. Sources said they noticed a pattern of fraud on cards that were all used at multiple Trump hotel locations in the past two to three months, including at Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.
The hospitality industry has been hit hard by card breaches over the past two years. In April 2014, hotel franchising firm White Lodging confirmed its second card breach in a year. Card thieves also have hit Hilton, Hyatt, and Starwood properties. In many of those breaches, the hacked systems were located inside of hotel restaurants and gift shops.
Like most other current presidential candidates, Mr. Trump has offered little in the way of a policy playbook on cybersecurity. But in statements last month, Trump bashed the United States as “obsolete” on cybersecurity, and suggested the country is being “toyed with” by adversaries from China, Russia and elsewhere.
“We’re so obsolete in cyber,” Trump told The New York Times. “We’re the ones that sort of were very much involved with the creation, but we’re so obsolete.” Trump was critical of the US military’s cyber prowess, charging the Defense Department and the military are “going backwards” in cyber while “other countries are moving forward at a much more rapid pace.”
“We are frankly not being led very well in terms of the protection of this country,” Trump said.