Trump Hotel Breach Likely The Result Of Malware, May Have Lasted More Than A Year

The Trump Hotel Collection operates luxury properties in a dozen cities around the world.

The Trump Hotel Collection operates luxury properties in a dozen cities around the world.

Three months after the Trump Organization confirmed that several of its hotels’ credit card systems had been breached, the company is releasing additional details on the hack that appears to have started with a computer virus and went undetected for more than a year.

Trump Hotel Collection, which previously confirmed the breach in July, announced on Wednesday that hackers apparently managed to hide inside the company’s website from May 19, 2014 to June 2, 2015, potentially gathering guests’ credit card data.

The company goes on to say that it appears there may have been unauthorized malware access to payment card information as it was entered.

Payment card data — including account numbers, expiration dates, and security codes — of guests at the following hotels: Trump SoHo New York, Trump National Doral in Miami, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto, may have been affected.

Additionally, transactions on the point-of-sale terminals at the Las Vegas and Waikiki properties may have compromised cardholder names.

“THC takes the privacy of personal information seriously,” the company said. “Immediately upon learning of a possible incident, THC notified the FBI and financial institutions, and engaged an outside forensic expert to conduct an investigation of the incident.”

The company says it has removed the malware and is in the process of reconfiguring various components of its network and payment systems to further secure our payment card processing systems.

“THC is confident that customers can safely use payment cards at all of the properties managed by THC,” the notice states.

The organization recommends customers who stayed at the affected hotels carefully review their credit and debt card accounts to determine if their information has been compromised. One year of fraud resolution and identity protection services is being offered to all customers who used credit or debit at the properties between May 19, 2014 and June 2, 2015.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.