Donald TrumpDonald TrumpTexas announces election audit in four counties after Trump demand Schumer sets Monday showdown on debt ceiling-government funding bill Pennsylvania AG sues to block GOP subpoenas in election probe MORE’s hotels have been hit by hackers, the luxury chain confirmed on its Web site.
Trump Hotel Collection, owned by the presidential hopeful, has uncovered a data breach at seven of its locations during a period spanning over a year. The affected hotels were in New York, Miami, Chicago, Las Vegas, Waikiki and Toronto.
The hotel says that its “independent forensic investigator” did not find any evidence that information was taken from its networks, but that customers’ payment information may have been exposed to malware when it was being punched into the system.
Trump’s hotels have been under suspicion of a breach since July.
“Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties," Eric Trump, executive vice president of development and acquisitions at the Trump Organization, said in a statement. "We are committed to safeguarding all guests’ personal information.”
Trump Hotel Collection is offering a year of free credit fraud and identity protection services for customers between May of 2014 and June of this year.
The Trump chain will be investigating the intrusion in the shadow of an appeals court decision that ruled the Federal Trade Commission has the authority to bring enforcement actions against companies that fail to take adequate precautions to prevent a cybersecurity breach.
The court ruled unanimously that the agency can go forward with a lawsuit alleging that the hotel chain Wyndham Worldwide Corp. did not do enough to safeguard its customers’ personal data in advance of three significant hacks between 2008 and 2010.
The case has been closely watched as a barometer of the FTC’s authority to regulate companies’ data security practices.
Absent congressional mandates for minimum cybersecurity practices, the agency has brought more than 50 data security cases, and critics have suggested the Wyndham decision might open the door for the agency to further increase its punitive action against companies.
Others characterize the FTC’s cybersecurity actions to date as “judicious,” noting that it has largely limited itself to cases like Wyndham, where the allegations, if true, represent a clear case of deceptive trade practices and below-standard cybersecurity.