Toronto included in Trump Hotels data breach

Donald Trump Jr. isn’t the only one stressed out about sensitive data leaking on the Internet.

Customers of Trump Hotels that booked one of several locations on certain dates in November 2016 may see their data tied up in a data breach that occurred on the systems of a vendor of the hotel chain, Sabre Hospitality Solutions. Trump Hotels says it was notified of the breach by Sabre on June 5 and it posted a notice to its website warning guests on Tuesday.

The Trump Toronto location is listed as one of the affected locations.

A list of the affected properties and the dates involved, from Trump Hotels.

While the hotel chain is the namesake of U.S. President Donald Trump, it is owned by InnVest Real Estate Investment Trump and was built by Talon International Development Inc. Officially, the hotel is currently operating under the name of Adelaide Hotel Toronto. Following ongoing renovations, it will be renamed to St. Regis Toronto, as reported by The Toronto Star.

The Trump chain was caught up in a wider data breach that affected other customers of Sabre. As explained in the Trump Hotels notice, Sabre’s SynXis Central Reservations system (CRS) was the target of the attack.

“An unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations,” it states. Customer data that may have been accessed includes name, email, phone number, address, payment card number, card expiration date, and potentially security code.

An investigation by Sabre shows the attacker first obtained access to Trump Hotels data on Aug. 10, 2016 and most recently accessed the information on March 9, 2017.

“We are working with Sabre to address this issue. We understand that Sabre engaged a leading cybersecurity frim to support its investigation,” the notice states. “Sabre indicated that they also notified law enforcement and payment card brands about this incident.”

The Trump Hotel chain has been the subject of past data breaches. In October 2015 it confirmed that it suffered a breach between May 2014 and June 2015. The Trump Toronto hotel was also impacted by that breach, which also included payment card information.

Breaches affecting the hospitality and tourism industry are rampant, turning their reservation and POS systems into a cybersecurity “red-light” district, says Corey Williams, senior director of products and marketing at Centrify, a security vendor.

“Point of Sale breaches are still fairly common, but generally they involve malware installed into networks of POS systems. This malware acts as a virtual skimmer, stealing card data as it is temporarily stored in memory and sending it to the criminal’s servers. How that malware gets there is often through compromised accounts that are supposed to be used for administering said POS systems. Techniques such as requiring multifactor authentication for any access to POS systems helps to reduce the attack surface of POS networks.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jackson
Former editorial director of IT World Canada. Current research director at Info-Tech

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now