Skip to main content

Trump hotel chain confirms year-long data hack

trump tower cloudy
Trump Tower, Chicago Andrew Seaman/Flickr
The Trump hotel chain has confirmed a data security breach involving malware that the company says was on its payment systems for just over a year.

First reported last week and confirmed by the business on Monday, the high-end hotel chain owned by the billionaire Republican presidential hopeful and real estate developer Donald Trump said that between May 19, 2014, and June 2, 2015, it believes there “may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations.”

Stolen data could include payment card information such as account numbers, expiration dates, and security codes. In some instances, the cardholders’ full names may also be among the captured data.

Trump hotels caught up in the hack include those in the cities of Chicago, Honolulu, Las Vegas, Toronto, and Miami, with two premises in New York City hit.

An initial investigation has so far found no evidence of customer data being misused, the chain said, though as a precautionary measure it’s offering affected customers 12 months of free identity-theft protection. In addition, it warned those who’ve engaged with the hotel’s payment systems during the specified time period to check their credit and debit card account statements for signs of suspicious activity.

This isn’t the first case of a high-end hotel chain being hit by hackers, and very likely won’t be the last. Earlier this year, luxury hotel outfit Mandarin Oriental was caught up in a similar kind of security breach that also involved compromised payment terminals.

Such point-of-sale systems have proved rich pickings for cybercriminals over the last 18 months or so. Remember the six-month Home Depot hack? Target, too, was hit in a high-profile incident at the end of 2013.

In many cases, the stolen data ends up being sold on illicit hacking forums, with buyers using it to purchase goods online or withdraw money from bank accounts.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Destructive hacking group REvil could be back from the dead
Person typing on a computer keyboard.

There was a period in 2021 when the computing world was gripped by fear of a dizzyingly effective hacking group fittingly named REvil -- until its website was seized by the FBI and its members arrested by Russia’s security services, that is. Yet like a malevolent curse that just can’t be dispelled, it now seems the group’s websites are back online. Has the group returned to spread discord and wreak havoc once again?

In case you missed them the first time around, REvil came to global attention by hacking into various high-profile targets, pilfering secret documents, then threatening their release unless a ransom was paid. In a notable case, the group stole and published files from Apple supplier Quanta Computer, including some that spilled the beans on unreleased product designs.

Read more
Experts found a record number of zero-day hacks in 2021
A digital depiction of a laptop being hacked by a hacker.

Google has published the 2021 review of Project Zero, revealing a record amount of zero-days exploits (labeled as “one of the most advanced attack methods”) exhibited by some of the world’s largest technology companies.

Project Zero is an initiative started by Google in 2014 aimed at detailing security defects known as zero-day exploits. These vulnerabilities are dangerous as they essentially remain undetected unless a mitigation system has been implemented, thus leaving systems, databases, and the like completely exposed to hackers.

Read more
T-Mobile confirms hack, investigates whether customer data was stolen
A T-Mobile store.

T-Mobile has confirmed that its computer systems were accessed without permission and says it's now conducting an investigation to determine the full extent of the hack.

The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.

Read more