7 Trump hotels hacked, customer data exposed

A view of The Trump International Hotel & Tower Las Vegas during its official opening in Las Vegas. © Steve Marcus
As real estate mogul Donald Trump is enjoying his lead over other Republican presidential hopefuls, the Trump Hotel Collection confirmed that seven of its properties have fallen victim to cyberattacks potentially exposing sensitive customer information.

The hotel chain posted a security notice on its website on Monday detailing the breach, which affected at least seven properties: Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.

In total, the Trump Hotel Collection (THC) manages 14 hotels around the world.

The company stated that there “may have been unauthorized malware access” to systems that process credit card payments, meaning that information such as credit card numbers, expiration dates and security codes may have been exposed. The breach is believed to have taken place between May 19, 2014, and June 2, 2015.

“Although an independent forensic investigation has not conclusively determined that any particular customer’s payment card information was taken from the Properties’ payment card system or misused, we are providing this notice out of an abundance of caution to inform potentially affected customers of the incident and to call their attention to some steps they may choose to take to help protect themselves,” the company stated.

In an FAQ posted alongside the notice, the company said the attack had targeted front desk terminals as well as terminals located inside hotel restaurants, gift shops and other point-of-sale purchase locations.

In response to the hack, THC said that it had notified the FBI and was also working with the Secret Service to “catch these criminals and prosecute them to the full extent of the law,” according to the Associated Press.

Additionally, THC said it is offering one year of complimentary fraud resolution and identity protection services to anyone whose information may have been exposed.

The news comes only days after credit agency and data broker Experian suffered a major cyberattack exposing the personal information of 15 million T-Mobile customers. That information breach included names, birth dates, addresses, and more sensitive information such as social security numbers and credit assessments made by T-mobile.