26 Sep 2016
It’s known that Trump Hotel Collection suffered a data breach and credit card theft last year. Generally, when a company suffers such a breach, they redouble their cybersecurity efforts. Not so in this case, and because of the carelessness, it’s happened again.
Owned by Donald Trump, real estate mogul and Republican presidential nominee, Trump Hotel Collections and some additional properties were hacked again less than a year after the first attack. Victims weren’t notified until three months after the fact, despite a New York law (with jurisdiction over Trump Hotel Collection) requiring companies to inform customers of potential data theft as soon as possible.
Making matters worse, no steps were taken to beef up their cybersecurity after the first event. After the first hack, a report suggested adding security precautions including two-factor authentication to remotely access the company network. Trump Hotel Collection posted a note on their website after the first breach, but they don’t seem to have taken any further steps.
The hacks affected sites in Canada, Illinois, Florida, Hawaii, Nevada and New York with over 70,000 stolen credit cards and over 300 property owner Social Security numbers.
Trump Hotel Collection has been fined $50,000 by the state of New York. They have also agreed to take specific steps, including updating their policies and practices up to date and hiring a cybersecurity expert.