The Trump hotel chain has confirmed a data security breach involving malware that the company says was on its payment systems for just over a year.
First reported last week and confirmed by the business on Monday, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump said that between May 19, 2014, and June 2, 2015, it believes there “may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations.”
Stolen data could include payment card information such as account numbers, expiration dates, and security codes. In some instances, the cardholders’ full names may also be among the captured data.
Trump hotels caught up in the hack include those in the cities of Chicago, Honolulu, Las Vegas, Toronto, and Miami, with two premises in New York City hit.
An initial investigation has so far found no evidence of customer data being misused, the chain said, though as a precautionary measure it’s offering affected customers 12 months of free identity-theft protection. In addition, it warned those who’ve engaged with the hotel’s payment systems during the specified time period to check their credit and debit card account statements for signs of suspicious activity.
This isn’t the first case of a high-end hotel chain being hit by hackers, and very likely won’t be the last. Earlier this year, luxury hotel outfit Mandarin Oriental was caught up in a similar kind of security breach that also involved compromised payment terminals.
Such point-of-sale systems have proved rich pickings for cybercriminals over the last 18 months or so. Remember the six-month Home Depot hack? Target, too, was hit in a high-profile incident at the end of 2013.
In many cases, the stolen data ends up being sold on illicit hacking forums, with buyers using it to purchase goods online or withdraw money from bank accounts.