• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Trump Hotels confirm massive year-long credit card data breach

Status
Not open for further replies.

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
http://krebsonsecurity.com/2015/10/trump-hotel-collection-confirms-card-breach/

The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels. The acknowledgement comes roughly three months after this author first reported that multiple financial institutions suspected the hotels were compromised.

In a Web site created to share details about the hack, The Trump Hotel Collection said the breach affects customers who used their credit or debit cards at the hotels between May 19, 2014, and June 2, 2015.


“While the independent forensic investigator did not find evidence that information was taken from the Hotel’s systems, it appears that there may have been unauthorized malware access to payment card information as it was inputted into the payment card systems. Payment card data (including payment card account number, card expiration date, and security code) of individuals who used a payment card at the Hotel between May 19, 2014, and June 2, 2015, may have been affected.

The Trump compromise is just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments. In March, upscale hotel chain Mandarin Oriental disclosed a compromise. The following month, hotel franchising firm White Lodging acknowledged that, for the second time in 12 months, card processing systems at several of its locations were breached by hackers.

On Sept. 25, this author first reported that the Hilton Hotel chain is investigating reports of a pattern of card fraud traced back to some of its properties.

The Trump advisory named the individual properties that were hit with the card-stealing malware, including Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto. The hotel collection said transactions on the point-of-sale terminals at the Las Vegas and Waikiki properties may also have been intercepted by card thieves.

This tracks almost exactly what I heard from banks in June of this year, who told me they had little doubt that Trump properties in several U.S. locations — including Chicago, Honolulu, Las Vegas, Los Angeles, Miami, and New York — were dealing with a card breach that appeared to extend back to at least February 2015. Turns out, it was quite a bit longer than that.


Many experts I’ve interviewed believe that the huge number of card breaches at U.S.-based organizations over the past year represents a response by fraudsters to changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit.

Non-chip cards store cardholder data on a magnetic stripe, which can be trivially stolen by malware designed to infect point-of-sale devices. The data is then sold to thieves who can copy and re-encode it onto virtually anything else with a magnetic stripe and use the counterfeit cards to buy stolen merchandise from big box stores.

Effective October 1, 2015, U.S.-based merchants that have not yet installed card readers which accept more secure chip-based cards assume responsibility for the cost of fraud from counterfeit cards. While most experts believe it may be years after that deadline before most merchants have switched entirely to chip-based card readers (and many U.S. banks are only now thinking about issuing chip-based cards to customers) cyber thieves no doubt well understand they won’t have this enormously profitable cash cow around much longer, and they’re busy milking it for all it’s worth.
 

Dazzler

Member
Build a firewall

mj-laughing.gif
 

IISANDERII

Member
If he can't even protect a few numbers in his own hotel, how the hell is he gonna protect an entire nation of human beings?
 

Stinkles

Clothed, sober, cooperative
I stayed at the Trump hotel in Atlantic City years ago and it was literally the worst large hotel I've ever been in. And incredibly badly run and dirty.
 

Aureon

Please do not let me serve on a jury. I am actually a crazy person.
So, is this going to be taken as seriously as clinton's email thing, or...?
 

XiaNaphryz

LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
Class action suit filed against Donald Trump's hotel chain:

A Belleville attorney has filed a class action suit against Donald Trump's hotel chain, alleging its payment system was hacked.

John Hipskind filed the lawsuit Friday in East St. Louis federal court on behalf of Belleville lawyer John Driscoll, the Belleville News-Democrat reports.

The suit alleges that between May 18, 2014, and June 2, 2015, unauthorized malware had access to customer card information in payment systems at seven Trump hotels in New York, Miami, Las Vegas, Chicago, Waikiki and Toronto. The public was notified of the breach on Sept. 29.

According to the suit, Driscoll stayed at the Trump hotels in New York and Chicago several times. The suit alleges that by waiting until September to notify customers of the breach, the Trump Corp. deprived them of the opportunity to take action to reduce their risk from fraudulent activity.

The Trump Hotel Collection has stated that an investigation has not conclusively determined that any particular card information was taken or misused.
 

marrec

Banned
I came in to make a snarky comment about security and china and Trump but then some asshole just drops this 3 word beauty and makes everything else invalid.

Fuck.
 
D

Deleted member 80556

Unconfirmed Member
The GIF and the firewall comment. This thread has delivered.
 
Status
Not open for further replies.
Top Bottom