Technology

Donald Trump's hotels examine credit card breach claim

Donald Trump Image copyright Getty Images
Image caption Donald Trump's organisation said it was "committed to safeguarding all guests' personal information"

Donald Trump's hotel business is investigating claims that it is the latest US firm to fall victim to a credit and debit card security breach.

Security expert Brian Krebs reported that US banks had identified a pattern of fraudulent transactions involving accounts that had been used at a Trump Hotel Collection property.

The attack appeared to date back to February, he said.

The company said it was carrying out a "thorough investigation".

"Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties.

"We are committed to safeguarding all guests' personal information and will continue to do so vigilantly," the Trump Organization executive vice-president Eric Trump said.

Suspicious transactions

In a blogpost published on 1 July, Krebs - a former Washington Post journalist - cited data from unnamed sources at several US banks suggesting a pattern of bank accounts being involved in suspicious transactions.

What each of the cases reportedly had in common was that the associated credit and debit cards had all previously been used at Trump hotels.

Krebs reported that at least five different locations were involved: Chicago; Honolulu; Las Vegas; Los Angeles; Miami; and New York.

Image copyright Getty Images
Image caption Donald Trump and his son Eric, who issued a statement saying the organisation was investigating the reports

According to Ken Westin, an analyst at online security firm Tripwire, the evidence suggested a "sophisticated and orchestrated attack".

He said: "When a larger group of organisations appears to be involved, it usually indicates that the breach took advantage of shared network resources or applications.

"Many organisations share back-end systems and payment gateways to reduce cost... and the data on these shared systems are very high value target for attackers."

The claims brought concerns about the security of US credit cards to the fore. Many people in the US still swipe their cards and verify their identities with their signatures, while other countries - the UK included - have moved on to chip-and-pin.

'Counterfeit cards'

Security consultant Graham Cluley said: "The problem is exacerbated by the fact that many cards in the States don't have chips, and rely purely on information stored on the card's magnetic strip.

"Creating counterfeit cards which replicate the data on those magnetic strips is well within the capabilities of many criminal gangs.

"The sooner American banks roll out cards with embedded chips the better I think. They really are lagging behind the rest of the world in this regard."

If the fears were confirmed, the Trump Organization would become the latest in a series of US firms to be the victim of a credit and debit card breach.

Hard Rock Hotel & Casino Las Vegas said in May that a malware attack may have allowed hackers to steal information about credit cards used at its locations. Target and Home Depot have also been attacked.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites