Early reports indicate that the Trump Hotel Collection may have experienced its second credit card breach in the span of less than one year.
Brian Krebs, a respected investigative information security journalist, broke the news on his blog with a statement issued by a representative from Trump Hotels.
"We are in the midst of a thorough investigation on this matter," the statement reads. "We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly."
Krebs reached out to Trump Hotels after three sources in the financial sector said they had noticed a pattern of fraud on customers' credit cards at multiple Trump Hotel Collection properties over a period of two to three months. Those properties include Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.
News of this possible breach follows not a year after Trump Hotels began investigating another credit card breach.
Though the luxury hotel chain initiated its investigation of the breach in July of 2015, it did not confirm the incident until October.
These two security events represent the growing threat that targeted attacks pose to the hospitality industry as a whole.
"Hospitality organizations are ideal targets for the cybercriminal today because they handle highly valuable personal and financial information--the proverbial goldmine for the cyberthief. Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share," Zach Forsyth, a director of technology innovation at Comodo, told Softpedia. "Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers. It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left. By then, it’s too late."
In light of recent attacks against other organizations in the hospitality sector, including Rosen Hotels & Resorts, Forsyth recommends that hotel IT departments focus on proactive protection by installing secure web gateways and endpoint protection solutions.
Image by Joseph Sohm