Donald Trump: Mogul's hotel chain is suspected victim of widespread credit card hack

Donald Trump's chain of luxury hotels is believed to be the victim of a credit card breach dating back at least five months.

Leading computer security analyst Brian Krebs reports that sources at several US banks have made him aware of the breach, which involved unauthorised and fraudulent debit and credit card charges to accounts used at Trump hotels.

It is claimed hotels belonging to the Republican presidential candidate in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York were victims of the attack and are now dealing with the incident, which Krebs claims extends back "to at least February 2015".

After initially failing to respond to multiple requests for comment, The Trump Organisation issued a brief statement in the name of Donald's son Eric Trump, who is executive vice president of development and acquisitions at his father's company.

Suspicious credit card activity

"Like virtually every other company these days, we have been alerted to a potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties," he said, adding: "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly."

It is not yet known how many cardholders were affected, or how much money was taken from their bank accounts and credit cards.

The attack on Trump's hotel chain may be related to his high public profile, but in truth hackers have targeted hotels, restaurants and retail chains for some time. Krebs speculates that a recent increase in this kind of attack is because the US will soon implement changes to credit card security, moving from magnetic strip cards to chip and PIN.

"It is likely that [an increase in card crime]...represents a response by fraudsters to upcoming changes in the United States designed to make credit and debit cards more difficult and expensive to counterfeit. Non-chip cards store cardholder data on a magnetic stripe, which can be trivially copied and re-encoded onto virtually anything else with a magnetic stripe," Krebs said.

In previous cases of card crime, cardholder information has been stolen from tills loaded with malicious software, then transferred onto blank cards and sold on the black market to crooks looking to buy high-worth items, which can be sold on for a profit.

Shared back end systems

Ken Westin, a senior security analyst at Tripwire, explained in a statement sent to IBTimes UK: "Much like many of the other breaches we have seen targeting retail and hospitality, this is not an attack that targeted a single hotel or store. Instead this was the result of a larger, more sophisticated and orchestrated attack. When a larger group of organisations appear to be involved it usually indicates that the breach took advantage of shared network resources or applications.

"Many organisations share back-end systems and payment gateways to reduce cost and increase operational efficiency, and the data on these shared systems has a very high value target for attackers."