Toronto included in Trump Hotels data breach

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

Donald Trump Jr. isn’t the only one stressed out about sensitive data leaking on the Internet.

Customers of Trump Hotels that booked one of several locations on certain dates in November 2016 may see their data tied up in a data breach that occurred on the systems of a vendor of the hotel chain, Sabre Hospitality Solutions. Trump Hotels says it was notified of the breach by Sabre on June 5 and it posted a notice to its website warning guests on Tuesday.

The Trump Toronto location is listed as one of the affected locations.

A list of the affected properties and the dates involved, from Trump Hotels.

While the hotel chain is the namesake of U.S. President Donald Trump, it is owned by InnVest Real Estate Investment Trump and was built by Talon International Development Inc. Officially, the hotel is currently operating under the name of Adelaide Hotel Toronto. Following ongoing renovations, it will be renamed to St. Regis Toronto, as reported by The Toronto Star.

The Trump chain was caught up in a wider data breach that affected other customers of Sabre. As explained in the Trump Hotels notice, Sabre’s SynXis Central Reservations system (CRS) was the target of the attack.

“An unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations,” it states. Customer data that may have been accessed includes name, email, phone number, address, payment card number, card expiration date, and potentially security code.

An investigation by Sabre shows the attacker first obtained access to Trump Hotels data on Aug. 10, 2016 and most recently accessed the information on March 9, 2017.

“We are working with Sabre to address this issue. We understand that Sabre engaged a leading cybersecurity frim to support its investigation,” the notice states. “Sabre indicated that they also notified law enforcement and payment card brands about this incident.”

The Trump Hotel chain has been the subject of past data breaches. In October 2015 it confirmed that it suffered a breach between May 2014 and June 2015. The Trump Toronto hotel was also impacted by that breach, which also included payment card information.

Related Download
Understanding the IOT Explosion and its Impact on Enterprise Security Sponsor: Fortinet
Understanding the IOT Explosion and its Impact on Enterprise Security

Register Now

Toronto included in Trump Hotels data breach