X

Trump cards: Hotel chain breached, credit card data stolen

Financial sector reportedly saw patterns of fraudulent card use that pointed toward the luxury hotel chain owned by the Republican presidential candidate.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
See full bio
Laura Hautala
2 min read
42-69329743.jpg

Donald Trump and family at a groundbreaking for the Trump International Hotel in Washington, D.C. The hotel is part of the Trump Hotel Collection, which hackers reportedly breached to steal customer credit card information.

 Morris Melvin / Retna Ltd. / Corbis

It's a yuge headache.

A breach on Donald Trump's luxury hotel chain let hackers steal customer credit card information, according to a report from cybersecurity writer Brian Krebs. Krebs said he learned of the hack when multiple people in the banking and financial sector told him patterns of fraudulent charges pointed to Trump Hotel Collection as a source of stolen card data.

The reported hack only adds to the Republican presidential front-runner's growing cyberwoes. Krebs reported a previous hack on the hotel chain's payment system last July. What's more, the hacktivist group Anonymous has repeatedly targeted Trump's websites for attack and called for hackers to steal and publish his personal information.

"Like virtually every other company these days, we are routinely targeted by cyberterrorists whose only focus is to inflict harm on great American businesses," said Eric Trump, Donald Trump's son and an executive for The Trump Organization holding company, in a statement. He added that the company is working with federal law enforcement agencies to investigate the reported hack. "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly."

It's unclear how many hotels or customers were affected by the reported breach.

As if travel didn't have enough stresses, guests at various hotel chains have frequently found themselves the victim of a payment system breach. The Hilton and Starwood chains have been targets in the last year, as well as the Hyatt. That includes the Hyatt Regency in San Francisco, which hosted the AppSec cybersecurity conference in 2015.

A report released last week from the BakerHostetler law firm found that hackers are focusing more on hotels, casinos and restaurants, shifting away from their previous favorite targets: grocery stores and big box outlets.

The US lags behind other parts of the world in implementing technology that secures credit card payments. Last year, cards with tiny microprocessors that encode one-time transaction numbers for each purchase became more common in the US. Other parts of the world have had those for a decade. The push for the new technology was part of a change in October that left retailers liable for fraudulent in-person charges.

Nonetheless, the microprocessor, known as an EMV chip, is not a guarantee against the theft of credit card data if the company doesn't properly store cards they have on file for customer accounts or other purposes. What's more, the data still gets sent to credit card processors and can get scooped up by hackers along the way, said George Rice, senior director of payments at Hewlett Packard Enterprise.

Hackers use "covert technologies to capture all of the payments data they need from unsuspecting retailers, despite the use of EMV," Rice said.