Financial sector reportedly saw patterns of fraudulent card use that pointed toward the luxury hotel chain owned by the Republican presidential candidate.
It's a yuge headache.
A breach on Donald Trump's luxury hotel chain let hackers steal customer credit card information, according to a report from cybersecurity writer Brian Krebs. Krebs said he learned of the hack when multiple people in the banking and financial sector told him patterns of fraudulent charges pointed to Trump Hotel Collection as a source of stolen card data.
The reported hack only adds to the Republican presidential front-runner's growing cyberwoes. Krebs reported a previous hack on the hotel chain's payment system last July. What's more, the hacktivist group Anonymous has repeatedly targeted Trump's websites for attack and called for hackers to steal and publish his personal information.
"Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses," said Eric Trump, Donald Trump's son and an executive for The Trump Organization holding company, in a statement. He added that the company is working with federal law enforcement agencies to investigate the reported hack. "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly."
It's unclear how many hotels or customers were affected by the reported breach.
As if travel didn't have enough stresses, guests at various hotel chains have frequently found themselves the victim of a payment system breach. The Hilton and Starwood chains have been targets in the last year, as well as the Hyatt. That includes the Hyatt Regency in San Francisco, which hosted the AppSec cybersecurity conference in 2015.
A report released last week from the BakerHostetler law firm found that hackers are focusing more on hotels, casinos and restaurants, shifting away from their previous favorite targets: grocery stores and big box outlets.
The US lags behind other parts of the world in implementing technology that secures credit card payments. Last year, cards with tiny microprocessors that encode one-time transaction numbers for each purchase became more common in the US. Other parts of the world have had those for a decade. The push for the new technology was part of a change in October that left retailers liable for fraudulent in-person charges.
Nonetheless, the microprocessor, known as an EMV chip, is not a guarantee against the theft of credit card data if the company doesn't properly store cards they have on file for customer accounts or other purposes. What's more, the data still gets sent to credit card processors and can get scooped up by hackers along the way, said George Rice, senior director of payments at Hewlett Packard Enterprise.
Hackers use "covert technologies to capture all of the payments data they need from unsuspecting retailers, despite the use of EMV," Rice said.