Trump Hotels Again The Target Of Hackers Seeking Credit Card Data

Enlarge this image toggle caption Alex Brandon/AP Alex Brandon/AP

Updated at 7:16 p.m. ET

President Trump has spent much of the past year talking about hackers who stole emails for political reasons.

But at Trump Hotels, hackers of a different sort were attacking.

Starting last summer, hackers broke into the system that manages the reservation booking service for 14 Trump hotels, stretching from Washington, D.C., to Scotland to Canada to Brazil.

But most of the attacks were concentrated in November — the month Trump was elected president. For example, the Trump International Hotel in Washington, D.C., was first hacked on Nov. 7 — the day before the election.

Trump Hotels' list of the hacked hotels shows that the problems began last summer at the Trump Soho Hotel in New York City and continued at different locations until early March of this year.

The statement said the target was Sabre Hospitality Solutions, which provides reservations services to Trump Hotels. Sabre did not notify Trump Hotels of the breaches until June of this year, the statement said.

The hackers were able to retrieve not only the credit card numbers and their expiration dates, but also the names, addresses and phone numbers of guests who had used the centralized booking system, the company said.

But more sensitive data — such as Social Security, passport and driver's license numbers — were not accessed.

A Sabre spokesman told The Washington Post, which first reported the story, that less than 15 percent of daily bookings on the reservation system were compromised.

Trump hotels often attract high-profile guests, including celebrities and political figures. The Washington hotel, located just blocks from the White House, has become an especially attractive gathering place for foreign officials and lobbyists. Several embassies have used the property for special receptions, and Trump himself occasionally eats at the hotel.

In its statement, the company said it takes the privacy and protection of its guests' information seriously. But TechCrunch says this is the third time Trump Hotels has been hit by hackers.

Its system was breached with malware targeting credit cards in July 2015 and again in early 2016. That year, the company was fined $50,000 for waiting months to notify customers after realizing their credit cards had been compromised.

Cybersecurity expert Matt Suiche told NPR that hotels are being targeted more frequently by criminals. For example, he pointed out, a hotel in Austria was recently the victim of a ransomware attack that temporarily prevented it from making new room keys in its electronic key system.

In the case of Trump Hotels, Suiche noted that because hackers targeted Sabre's reservation infrastructure, other clients of the vendor were probably targeted too.