Trump Hotels Fined Over Credit-Card Data Breach
New York State’s attorney general announced that the Trump Hotel Collection will pay $50,000 in fines after a data breach involving credit card information was traced back to the hotelier operated by presidential candidate Donald Trump.
The data breach exposed more than 70,000 credit-card numbers as well as other personal information. It was traced back to the hotel group by banks, which analyzed hundreds of fraudulent credit-card transactions in May 2015. The last legitimate charges made on the cards were at Trump properties, which suggests that the hotel chain was the victim of a cyber attack.
A preliminary investigation revealed that malware targeting credit-card information was present at multiple locations of the chain including computer networks used by its hotels in Chicago, New York, and Las Vegas.
The attorney general’s investigation revealed that someone had infiltrated the Trump Hotels payment system as far back as May 2014 using legitimate credentials to log in and then deploying the malware. The hotelier knew about the issue in June 2015 but failed to tell customers until four months later, which violated New York State law. A second breach occurred in November of last year involving 39 systems at five properties and a third attack took place in March 2016 at the New York location.
In addition to the fine, the hotelier also agreed to improve its data security and reporting procedures.
(Photo: Accura Media Group)