The Trump Hotel Collection - a small group of luxury properties - has suffered a data breach that has involved guest credit card data, according to a report from respected security blogger Brian Krebs.
Big questions immediately arise: Is the attack politically motivated? How does it impact Trump guests? How does it impact guests at any hotels?
The last question arises because hotels have suffered an epidemic of data breaches in the past couple of years. Hilton, Starwood, Hyatt and management company White Lodging (which runs many Marriotts) have all acknowledged significant data breaches involving guest information. If you stay at hotels you have to be cognizant of the risks. They are under assault by cyber criminals.
As for the political implications, that question gets asked because hacktivist group Anonymous in mid-March declared a “total war” on Trump and his companies. Did this organization hack Trump’s hotels? Nobody knows. Anonymous has not issued a statement saying it had. And, said Canh Tran, CEO of Chicago-based data breach monitoring firm Rippleshot, his hunch is that Anonymous is not behind this incident. Tran says the evidence is not decisive. But, he said, usually it takes up to eight months for a breach to be detected, which means this Trump Hotel breach probably dates back to summer 2015, long before the Anonymous threat.
Krebs said he contacted Trump, because banking industry sources told him there was evidence of a breach at at least some Trump hotels. The company did not confirm or deny a breach. Here is what it told Krebs in a written statement: “We are in the midst of a thorough investigation on this matter. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.” (The Trump Hotel Collection had not responded to a request for comment by TheStreet.)
Last summer Trump’s hotels definitely suffered a data breach. The company created a website to address the issue. It explained: “Between May 19, 2014, and June 2, 2015, we believe that there may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels managed by the Trump Hotel Collection. For those customers that used credit or debit cards to make purchases during this time, we believe that the malware may have affected payment card data including payment card account number, card expiration date and security code.”
Trump’s hotels may have special security vulnerabilities that go beyond the political candidate’s celebrity. “In the SecurityScorecard platform Trump Hotel Collection is a C - 72% - compared to peers in the hospitality industry,” said Sam Kassoumeh, COO at SecurityScorecard, a company that grades the IT security of organizations. “The security hygiene score is bordering a D letter grade - quite poor.”
Nonetheless, the industry as a whole has a terrible record for security, as witness the many breaches over the past few years. Why so many? “There are reasons why hotels are juicy targets [for hackers] - travelers don’t look at their expenses that carefully,” Tran said. “There are lots of point of sale terminals at hotels and many have vulnerabilities.” Think gift shops, restaurants and bars.