Less than a year after Trump Hotels settled with the victims of a security breach, the luxury chain reports that guests at 14 Trump properties have had their payment card information stolen.
“We recently learned of an incident involving unauthorised access to guest information associated with certain hotel reservations,” a letter on the Trump company’s website read today.
The breach occurred at Sabre Hospitality Solutions, a reservation service used by Trump Hotels — the Trump properties themselves were not hacked, according to the letter. A spokesperson for Sabre told the Washington Post that less than 15 per cent of daily bookings on its reservation system was compromised.
The hotel chain, which is owned by US President Donald Trump, was reportedly notified on June 5 that an unauthorised party had gained access to payment card data for Trump Hotels dating back to 10 August 2016. The data was last accessed, the company said, on 9 March 2017.
“We are working with Sabre to address this issue,” the Trump Hotels letter says. “We understand that Sabre engaged a leading cybersecurity firm to support its investigation. Sabre indicated that they also notified law enforcement and the payment card brands about this incident.”
In September, Trump’s hotel company agreed to pay $US50,000 ($65,518) in penalties after a series of presumably unrelated security breaches compromised more than 70,000 payment cards. The breach, which began in May 2014, was only discovered after several banks noticed fraudulent transactions tied to the guests at Trump properties.
According to the Post, the more recent breach also included some non-Trump properties, including 11 Hard Rock Hotel & Casino properties and 21 Loews Hotels.
Earlier this year, a joint investigation by Gizmodo and ProPublica discovered numerous security vulnerabilities in the Wi-Fi networks at four Trump properties, including the Mar-a-Lago resort in Palm Beach, also known as the “Winter White House”.