Trump’s hotels get hacked and victims are left holding the bag

Consumer credit card numbers have been stolen from 14 of the president’s properties in New York, Vancouver, and Washington, D.C.

The Trump Hotel logo is projected on a wall at Trump Tower in New York. CREDIT: AP Photo/Kathy Willens

Trump Hotels have a serious hacking problem.

A host of personal and financial information has been exposed from 14 of President Donald Trump’s properties over the course of the last year, the Washington Post reported. It’s the third such breach the hotel chain has faced in the past three years.

The breach occurred between August 2016 and March 2017 but wasn’t detected until June 5, according to a notice Trump Hotels sent to guests. The data exposed in the months-long breach is extensive and includes credit card data such as card numbers, expiration dates, and security codes, and detailed personal information including emails, addresses, social security numbers, phone numbers, and passport and driver license information.

Per the notice, Trump Hotels has instructed affected customers to monitor their accounts for fraud and identity theft, file a claim with the FTC, pull their credit reports, or sign up for paid credit monitoring services.

Entities that hoard data — global businesses, government agencies, hospitals — are particularly vulnerable to cyberattacks. As the Post’s Abha Bhattarai pointed out, hotel chains make that list because of the amount of data they collect and retain but also because they’ve “lagged behind many other businesses in protecting their networks.”

Trump Hotels, however, have a track record of poor cybersecurity. The international chain has suffered multiple breaches over the years. Last year, Trump International Hotels Management paid $50,000 in penalties after failing to tell customers of a breach that exposed more credit card numbers and social security numbers, the Post reported. Trump Hotels also had breaches in 2014 and 2015 after malware infected the hotel’s system, mining for financial data. Additionally, a Gizmodo investigation found that cybersecurity at Trump’s luxury golf resort in Palm Beach, Mar-A-Lago, was so weak that any “half-decent hacker” could break into open Wi-Fi networks, which could be used to take over mobile devices and computers to record conversations. President Trump himself has made multiple visits to Mar-A-Lago since taking office.

Breaches are the new normal in the digital world, and large-scale targeted attacks are becoming the norm as well. News of the latest Trump Hotels cyberattack follows several massive breaches worldwide. The NotPetya and WannaCry ransomware attacks crippled businesses and hospitals in more than a hundred countries in the past couple of months. Additionally, another Gizmodo report found that voter data belonging to 191 million people was left vulnerable by a Republican Party-connected marketing firm, which hosted the data on an insecure server that could be accessed by anyone with the URL.

Any cybersecurity threat to Trump’s businesses is a national security concern. While some of the breaches at his hotels took place before Trump took office, his position only increases the likelihood his properties are targeted. That threat is further amplified because the president frequently conducts official White House business—and often hosts foreign leaders and politicians—at his properties.

Trump Hotels previously promised to beef up their security practices as a condition of its settlement with New York state last year. But if this latest breach is any indication, there’s a lot more work that needs to be done.