Guests at 14 properties owned by President Donald Trump, including hotels in New York, Washington and Vancouver had information from their credit cards exposed, which was the third time in the same number of years that a security breach that lasted for months affected customers of the luxury hotel chain.
The most recent occurrence was from August 2016 thought March 2017 according to a post on the website of the company, and the breach included names of guests, addresses, and telephone numbers, along with numbers for credit cards and their specific expiration dates.
The breach was of the Sabre Hospitality Solutions system which is a booking service to make reservations that Trump Hotels used, but did not compromise the system of Trump Hotels.
The notice on the Trump site said that the protection and privacy of guests’ information is a matter of upmost importance to the company. Trump guests were notified of the breach June 5.
News of the most recent cybersecurity breach is less than one year after penalties of $50,000 were paid by Trump International Hotels to New York for not notifying guests immediately after learning of earlier breaches of personal data the led to the exposure of over 70,000 credit cards and more than 300 social security numbers.
As part of that settlement, the company was required to update its entire security practices.
Security analysts said that hotel chains have been hard hit by recent cyberattacks, in part due to lagging behind other businesses in relation to protecting their systems.
Another reason they have been hit hard by the cyberattacks is hotels tend to have large amounts of personal and credit card data across different properties.
Earlier in 2017, the InterContinental Hotel Group announced that data from credit cards of its customers was compromised at over 1,200 properties including Crown Plaza and Holiday inn hotels during a period of three months.
The Trump hotel chain has also likely become an appealing target for hacker because it has attracted many Republican lawmakers, lobbyists and many foreign dignitaries that come to visit or seek business with President Trump.
Attackers infiltrated the Trump payment processing system first in May of 2014 and installed their malware on the network to collect credit card information from the hotel’s guests, said the attorney general of New York Eric Schneiderman.
Trump Hotels found out about the hack in June of 2015 but did not let its customers know until four months later, said Schneiderman.