author photo
By Courtney Theim
Thu | Jul 13, 2017 | 2:40 PM PDT

If you've stayed at one of 14 Trump properties throughout the U.S. and Canada, chances are your payment card information has been compromised.

Between August 10, 2016, when the incident was first detected, and March 9, 2017, personal information such as cardholder name, payment card number, card expiration date, and possibly even card security code was accessed. Guest name, email, phone number, address, and other information may have also been accessed in certain cases.

The cyber criminals were able to access the data through Sabre SynXis Central Reservations system (CRS), which is an online system that books rooms through various outlets such as online travel agencies, that Trump Hotels use.

The servers at the actual properties were not accessed themselves.

Jack Kudale, CEO at Lacework, a provider of cloud security solutions, says, "The hack at the Trump towers follows an all-too-familiar pattern that many organizations still fail to address: a third-party was compromised, giving legitimate access to thousands of customers’ credit card data."

"Once cyber criminals obtain valid credentials, they have legitimate access to systems. Rule and policy-based security fail to stop these attacks in most cases because they cannot differentiate them from actual system usage by employees. The only approach that can detect the breach is one that focuses on behavior, defines what’s normal behavior, and detects and alerts on deviations from the baseline across the entire runtime environment," he adds.

In a letter addressing the issue, Trump Hotels says they are working with Sabre to resolve this issue, who has hired a cybersecurity team and alerted law enforcement.

You can see which 14 properties were affected here.

Other recent victims of this Sabre breach include Hard Rock hotels, and Loews hotels.

However, this isn't the first, or even second, time that Trump Hotels have been hacked. 

Just last September, Trump Hotels paid $50,000 following a breach that affected 70,000 customers. The current scope of this breach is still unknown.

Whether Trump himself is being specifically targeted or not, he sure seems to be a favorite (or least favorite) target of hackers.

Comments