Let’s be honest, the last thing Donald Trump needs is more negative press. We don’t usually get involved in political issues but this month it’s hard to turn a blind eye. This is because Donald Trump’s chain of Hotels (aptly named Trump Hotels) has once again been the target of a sustained cyber-attack, designed to steal the information of their guests. After doing some digging it turns out that this is not the first time the luxury chain has been targeted, leaving us wondering why, despite being President of the US with access to the best the industry has to offer, Trump hasn’t been paying more attention to the security of his business empire.
Trump Hotels Left Orange Faced
The latest attack on Trump hotels happened earlier this year, with 14 high profile chains affected across the country including; Chicago, Central Park, Las Vegas and DC. Digital forensics found that the hack came through the 3rd party booking system Sabre SynXis, which Trump Hotels use to take some (but not all) of their bookings. SynXis was originally used because it offers hotel booking as a service to tourism operators, and means more occupied rooms for various hotels. But on June 5th, Sabre got in touch with Trump Hotels to let them know that their systems had been breached, and Trump Hotels’ client data had been targeted. Customer data stolen, among other things, included; credit card numbers, name and addresses, phone numbers, social security numbers, passports and driver’s licenses. Experts from Sabre and representatives from Trump Hotels have stated that ‘the privacy and protection of our guests’ information is a matter we take very seriously’ and that they are ‘working with Sabre to address the issue’.
While this is incredibly unfortunate for the victims of this attack, it does highlight a very valuable lesson for all business owners. It shows that your systems aren’t just vulnerable to direct attack, but integrated systems can allow hackers access through the permission you have already given the service. So when you are choosing third party software to work with, you need to vet them properly, check their security thoroughly and ensure you understand the risks as well.
For Trump Hotels, it does appear this is a lesson that hasn’t quite sunk in yet, as this isn’t the first time they’ve been the subject of such an attack. Customers of Trump Hotels have had their details put at risk twice before – once in July 2015 and again in April 2016. This second attack actually led to the company being fined the pricey sum of $50,000, but not for what you’d think. Instead of the fine being for not sufficiently protecting their digital assets, it was instead given because they waited months before notifying any customers that their credit cards and other personal information had been compromised. Who knows how many identity theft claims that resulted in!
But Trump Hotels aren’t alone in being targeted by hackers – they are just the latest in a long line of hotels and hospitality businesses who find themselves at the end of a cyber-attack. This industry is a huge target for cyber criminals, largely because they deal with such high volumes of quick turnover and sensitive data during day to day operations. Financial data is exchanged every few seconds, and the ability to view all of those cards and details is invaluable. For example, in 2008 a new breed of malware hit the internet which had been specifically designed to infiltrate casinos and resort hotels without detection. RawPOS moved swiftly, targeting establishments in the UK, Canada, Europe, The Middle East and Latin America, and the scary thing is we are still largely in the dark about how it really worked. Other victims of high profile data breaches have been the Hard Rock Hotel, Crowne Plaza, Holiday Inn and many, many more besides.