Trump Hotels confirms second data breach this year

Trump Waikiki

Republican presidential frontrunner Donald Trump's luxury hotel collection is reporting its second credit card data breach in a year. Data watchdog KrebsOnSecurity was informed of the breach by sources in the banking industry, and a representative of Trump Hotels told Krebs the claims are being investigated.

"We are in the midst of a thorough investigation on this matter,” the company said in a written statement. “We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly."

Three separate sources in the financial sector have reported patterns of fraud on customer credit cards linked to properties in the Trump Hotel Collection, suggesting the breach could have affected a number of the portfolio's assets. Cards that were used at multiple Trump hotel locations over the past two to three months are particularly under risk. Specific hotels mentioned include the Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel & Tower in Toronto.

Trump recently called the United States "obsolete" on cybersecurity, suggesting the country is an open target for hackers from abroad in countries such as China and Russia. 

Regardless of where the attacks come from, the frequency with which they appear in the lodging industry is difficult to ignore. Seven of Trump's hotels were the target of a data breach between May 19, 2014 and June 2, 2015. The chain's payment systems were the target of the attack, as they often are in hotels. In response, the Trump chain offered one year of free identity fraud protection to guests that were affected.

Though Trump's prominent place in today's social sphere may imply his brand is a target for hackers, the truth is that all hotel chains are subject to these attacks. In January, Hyatt itself in the midst of a breach affecting 250 of its hotels in 50 countries, one of the largest hotel data breaches on record.

Data thieves are not picky with their targets, either. Evans Hotels of California suffered a breach last year at a number of its San Diego properties, and most recently Rosen Hotels and Resorts found malware taking guest data in its Orlando hotels.