Trump Hotels has potentially been breached a second time in less than a year.
Banking industry sources told Brian Krebs that they’ve noticed a pattern of fraud on customer credit cards—implying the possibility of hacked credit card systems. The company is currently conducting an investigation.
“We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly.”
Kevin Watson, CEO at Netsurion, a provider of remotely-managed security services for multi-location businesses, said that if there turns out to be an intrusion—which comes on the heels of the first incident reported in October 2015—it doesn’t surprise him.
“We’ve reached a point where major corporations being breached more than once no longer comes as a shock,” he told us via email. “Data networks are continuously under attack, and as such, it’s not a matter of if but when hackers will be able to penetrate a network for the first time—or in the case of Trump Hotels—again.”
He added, “No matter how secure we build our networks, there is always a weak link; and in most cases, that weak link is the humans that interact with the network each day. Malware on a laptop used at home and at work, a compromised password, a convincing phishing attack—these are all viable ways networks with top quality security are breached every day.”
Krebs broke the news that banks have seen a pattern of fraud on cards that were all used at multiple Trump hotel locations in the past two to three months, including at Trump International Hotel New York, Trump Hotel Waikiki in Honolulu, and the Trump International Hotel & Tower in Toronto.
Zach Forsyth, a director of technology innovation at global cybersecurity leader Comodo, told Infosecurity that hospitality organizations will remain ideal targets for the savvy cyber-criminal.
“They handle highly valuable personal and financial information—the proverbial goldmine for the cyber-thief,” he said. “Large, well-known chains are even more susceptible targets due to the sheer volume of data that they store and share.”
Unfortunately, many of these companies have antiquated IT security technology in place, which is an easy workaround for the hackers.
“It’s a harsh reality that the technology some organizations use today is as effective as installing a home security system that alerts you to a break-in after the robbers have already stolen everything, vandalized the house and left,” Forsyth said. “By then, it’s too late. The focus for IT departments needs to be on protection, not detection, and installing modern secure Web gateways and advanced endpoint protection solutions that can stop malware and cyber-attacks from compromising data and negatively impacting their businesses and customers.”
Photo © anaglic/Shutterstock.com