Hackers had access to credit card details and other personal information of guests at 14 Trump properties in 2016 in a months-long security breach, Trump Hotels revealed on Tuesday (11 July). The announcement comes just months after Trump International Hotels Management was forced to pay $50,000 (£38,985) to New York state for failing to immediately inform customers about an earlier data breach.
According to a statement released on the luxury chain's website, hackers managed to access the names, addresses and phone numbers as well as payment card numbers, card expiration dates and possibly card security codes of guests who stayed at Trump hotels between 10 August 2016 and 9 March 2017.
Guests at 14 Trump properties, including hotels in New York City, Washington D.C., Las Vegas, Chicago, Rio De Janeiro and Vancouver were affected in the breach.
The organisation noted that Social Security numbers, passports and driver's licence numbers were not accessed in the breach. It added that the cyberattack did not affect Trump Hotels' systems.
Trump Hotels was among the numerous hospitality firms affected by the Sabre Hospitality Solutions data breach. The massive breach saw hackers break into the Sabre's SynXis Central Reservation system (CRS), used by Trump Hotels and about 500 other companies for centralised guest bookings.
Others organisations affected by the attack include the Hard Rock Hotels, Loews Hotels and the Four Seasons hotels and resorts.
"Following an investigation, Sabre notified us on June 5, 2017 that an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations processed through Sabre's CRS", the Trump organisation said in a statement.
"We are working with Sabre to address this issue. We understand that Sabre engaged a leading cybersecurity firm to support its investigation. Sabre indicated that they also notified law enforcement and the payment card brands about this incident."
The Trump organisation advised affected customers to monitor their account statements for possible incidents of fraud and identity theft.
"The privacy and protection of our guests' information is a matter we take very seriously", it added. "We apologize for any inconvenience caused by this incident."
This isn't the first time Trump Hotels' guests have been hit by a months-long data breach.
In May 2014, hackers installed malware designed to swipe payment card information in the computer systems of seven Trump Hotels. More than 70,000 credit card numbers, 300 Social Security numbers and other personal information were exposed in the breach. In November 2015, an attacker installed malware on 39 systems that affected five Trump hotel properties in a second breach.
In March 2016, the attacker targeted a legacy payment system including the personal data of Trump hotel property owners and social security numbers of over 300 people.
Trump International Hotels Management later agreed to pay up $50,000 to settle with New York state over the data breaches, which resulted in the theft of 70,000 credit card numbers and 300 Social Security numbers. As part of the agreement, the organisation agreed to bolster its digital security practices.